FTC Seeks Comment on Breach Notification Rule for Health Data

HealthITSecurity.com

Jessica Davis

The Federal Trade Commission is seeking comment from industry stakeholders on breach notification requirements for entities that collect personally identifiable health information but aren’t covered by HIPAA regulations.

As noted by a host of others in the past, including the Department of Health and Human Services, third-party apps chosen by patients are not typically covered by HIPAA.

Instead, the FTC’s breach notification rule, enacted in 2009, requires vendors and related entities not covered by the privacy regulation ...

Get the Morning Update

Thanks for subscribing!