The Federal Trade Commission recently unveiled updates to its health data breach notification measures, aimed at broadening the scope of entities subject to these requirements. This action addresses a loophole in current regulations, as many health apps are not covered by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA mainly focuses on healthcare providers, health plans, and healthcare clearinghouses when it comes to safeguarding health information.
By expanding the definition of entities subject to health data breach notification requirements, the FTC is taking proactive steps to ensure that individuals’ health information is protected regardless of the platform or technology being used. These updates aim to enhance privacy and security measures for consumers using health-related apps and technologies. With more entities under the umbrella of health data protection regulations, the FTC is promoting accountability in the digital health landscape and working to safeguard sensitive health information.