Expanding Health Data Breach Notification Measures: FTC Takes Proactive Steps to Protect Consumers’ Sensitive Information

The Federal Trade Commission (FTC) has recently announced changes to its health data breach notification measures to encompass a wider range of apps and technologies that are not currently covered by federal health privacy laws. These updates were issued on Friday and include modifications to the definition of “public health record related entity” to clarify that this category includes individuals offering products and services online, such as mobile applications, or vendors of personal health records.

This action is significant because it addresses a gap in current regulations, as many health apps are not subject to the Health Insurance Portability and Accountability Act (HIPAA). HIPAA primarily focuses on healthcare providers, health plans, and healthcare clearinghouses when it comes to protecting health information. By expanding the scope of entities subject to health data breach notification requirements, the FTC is taking proactive steps to ensure that individuals’ sensitive health information is protected regardless of the platform or technology being used.

Overall, these updates aim to enhance privacy and security measures for consumers using health-related apps and technologies. By bringing more entities under the umbrella of health data protection regulations, the FTC is promoting accountability in the digital health landscape and safeguarding sensitive information from potential breaches.