HealthcareCISO

The Federal Trade Commission is seeking comment from industry stakeholders on breach notification requirements for entities that collect personally identifiable health information but aren’t covered by HIPAA regulations.

As noted by a host of others in the past, including the Department of Health and Human Services, third-party apps chosen by patients are not typically covered by HIPAA.

Instead, the FTC’s breach notification rule, enacted in 2009, requires vendors and related entities not covered by the privacy regulation ...