Categories
Health Law Highlights

FTC Finalizes Changes to Health Breach Notification Rule

Summary of article from Fierce Healthcare, by Heather Landi:

The Federal Trade Commission (FTC) has finalized the revised Health Breach Notification Rule (HBNR) to enhance data privacy protection for consumers using digital health apps. The rule requires vendors managing digital health records to notify individuals, the FTC, and sometimes the media, of any breach of unsecured personally identifiable health data. The data includes traditional health information, data from fitness trackers, and “emergent health data” such as health information inferred from location data and health-related purchases. The rule also obligates third-party service providers to notify vendors of personal health records following a breach discovery. The rule will be effective 60 days after its publication in the Federal Register.

Kaiser Permanente Notifying 13.4 Million of Tracker Breach

Summary of article from Gov Info Security, by Marianne Kolbasuk McGee:

Kaiser Foundation Health Plan reported a data breach affecting 13.4 million individuals due to unauthorized access/disclosure from its previous use of online tracking technologies on its websites and mobile applications. Personal information potentially transmitted to third-party vendors like Google, Microsoft Bing, and Twitter includes IP addresses, names, account sign-in information, website navigation data, and search terms. No sensitive information like usernames, passwords, Social Security numbers, or financial account details was disclosed. Kaiser Permanente has since removed these online technologies and implemented measures to prevent such incidents in the future. Despite no known misuse of the personal information, the organization will notify affected individuals directly in May out of caution.