Health Breach Notification Rule Archives

FTC Amends Health Breach Notification Rule to Regulate Health Apps and Expand Breach Notification Requirements

by Jennifer S. Geetter, Edward G. Zacharias, Alya Sulaiman, Kyle E. Hafkey and Abby Higgins | Jun 26, 2024 | Digital Health, Privacy and Data Security

On April 26, 2024, the Federal Trade Commission (FTC) issued a final rule to amend its Health Breach Notification Rule (HBN Rule). The HBN Rule works as a compliment and counterpart to the breach notification requirements established under the Health Insurance Portability and Accountability Act (HIPAA) for HIPAA-regulated entities. Specifically, the HBN Rule requires that vendors of personal health records (PHRs) and related entities that are not covered by HIPAA notify individuals, the FTC and, in some cases, media outlets of a breach of unsecured personally identifiable health data. Stakeholders should carefully review the final rule to understand how organizations will be impacted.

FTC Proposes Health Breach Notification Rule Amendments

by Jennifer S. Geetter, Edward G. Zacharias and Purnima Boominathan | Jun 20, 2023 | Digital Health, Employee Benefits, Health and Welfare Plans

At a recent open Commission meeting, the Federal Trade Commission (FTC) voted unanimously to issue a Notice of Proposed Rulemaking to amend the Health Breach Notification Rule (HBNR). The FTC’s proposed amendment aims to codify the HBNR’s application to digital health and mobile technologies. However, several aspects of the proposed amendment lack clarity and are likely to cause confusion unless further clarified through the ongoing rulemaking process.

FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope

by Carolyn Metnick, Edward G. Zacharias and Sam Siegfried | Oct 13, 2021 | Digital Health, Employee Benefits, Health and Welfare Plans, Privacy and Data Security

On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).

Protecting the Telehealth Consumer: FTC and State-Based Considerations

by Jiayan Chen | Sep 21, 2021 | Digital Health, Employee Benefits, Health and Welfare Plans, Privacy and Data Security

Telemedicine in the United States is facing an important crossroads. While telehealth services have demonstrated their value as an integral part of care delivery, federal and state waivers instituted during the COVID-19 pandemic are likely to expire soon. As lawmakers and agency officials consider updated or expanded digital health rules, regulators are expected to intensify their scrutiny of providers.

In this webinar, McDermott partners Jiayan Chen and Brian J. Boyle explore consumer protections for telehealth consumers, including the following:

Privacy considerations beyond the Health Insurance Portability and Accountability Act of 1996, including Federal Trade Commission requirements;
How to prepare for the Health Breach Notification Rule;
The ins and outs of advertising telehealth, including claims, endorsements and social media;
Strategies for engaging with users in the digital environment; and
Increased fraud enforcement.

Access the webinar.