FTC warns app makers fall under breach notification rule
The U.S. Federal Trade Commission issued a policy brief Wednesday clarifying when healthcare apps would be subject to the Health Breach Notification Rule that requires entities not covered by HIPAA to notify consumers if private health information is compromised.
The FTC said that developers of health apps and connected devices are considered healthcare providers, and if they disclose sensitive information without authorization that would be considered a breach.
The agency also noted that a breach must be reported regardless of whether it was the result of malicious action. Any unauthorized access, including sharing information without consent, would trigger the rule.
The FTC said apps are subject to the breach notification rule if they are...