At a recent open Commission meeting, the Federal Trade Commission (FTC) voted unanimously to issue a Notice of Proposed Rulemaking to amend the Health Breach Notification Rule (HBNR). The FTC’s proposed amendment aims to codify the HBNR’s application to digital health and mobile technologies. However, several aspects of the proposed amendment lack clarity and are likely to cause confusion unless further clarified through the ongoing rulemaking process.
On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).
Subscribe
