The Federal Trade Commission recently made updates to its health data breach notification measures, expanding coverage to include more apps and technologies that were not previously covered by existing federal health privacy laws. These changes were made in the health breach notification final rule (RIN 3084-AB56), which was issued on Friday.
One of the key changes includes a revision to the definition of “public health record related entity” to clarify that this category includes individuals or entities that provide products and services online, including mobile applications, as well as vendors of personal health records. This update ensures that a wider range of entities are now required to comply with health data breach notification measures.
The FTC’s action is significant because many health apps and technologies fall outside the scope of the Health Insurance Portability and Accountability Act (HIPAA). This means that these entities may not have been previously covered by regulations that govern the protection of individuals’ health data. By updating its notification measures, the FTC is taking steps to address this gap in protection and ensure that health data privacy is upheld across a broader range of platforms.