Health Law Highlights

FTC Finalizes Expansion of Health Breach Notification Rule’s Broad Applicability to Unauthorized App Disclosures

Summary of article from Davis Wright Tremaine, by Adam H. Greene, Apurva Dharia:

The Federal Trade Commission (FTC) has finalized changes to the Health Breach Notification Rule (HBNR), expanding its scope to include virtually all health and wellness apps. The revised rule requires vendors of personal health records (PHRs) and related entities to notify individuals, the FTC, and, in some cases, the media of any unauthorized disclosure of identifiable health data. The updated rule also includes a broader definition of “health care services or supplies” and “breach of security,” and clarifies the role and responsibilities of PHR related entities. The FTC has also modernized the method of notice, expanded the content of the notice, and revised the timing of notice to the FTC. The changes signal the FTC’s increased prioritization of protecting consumers’ sensitive health information.