Tuesday, December 17, 2024
FTC aims to bolster privacy of health data.

FTC aims to bolster privacy of health data.

The FTC Proposes Changes to Health Breach Notification Rule

The Federal Trade Commission (FTC) is seeking public input on proposed changes to the Health Breach Notification Rule (HBNR), which would clarify how the rule applies to health apps and similar technologies. The HBNR mandates that vendors of personal health records (PHR) and related entities not covered by the Health Insurance Portability and Accountability Act (HIPAA) need to notify individuals, the FTC, and, in some cases, the media of a breach of unsecured personally identifiable health data. It also compels third-party service providers to PHR vendors and related entities to alert these companies upon discovering a breach.

Exploding Health App and Device Usage Spurs FTC Action

Samuel Levine, the director of the FTC’s Bureau of Consumer Protection, explains that business practices and technological developments have led to vast amounts of health data being collected from consumers and used for marketing and other purposes. As a result, the proposed changes to the HBNR include greater clarity on how the rule applies to health apps and similar devices that fall outside of HIPAA’s coverage. Levine notes that the proliferation of these apps and devices, and their acquisition of sensitive consumer health data, make it more important than ever for companies covered by the HBNR to notify both the FTC and affected individuals in a timely manner when a breach occurs.

Recent Enforcement Actions Prompt FTC to Seek Feedback

The FTC has recently taken enforcement actions under the HBNR against two companies. In May of 2023, the FTC announced a proposed order settling allegations that the fertility app Premom violated the HBNR. In February of the same year, it also announced its first enforcement action against telehealth and prescription drug discount provider GoodRx. Both companies had failed to notify users of their unauthorized disclosure of users’ personally identifiable health information to third parties. These incidents, along with the growth of health apps and devices, have spurred the FTC to seek feedback on proposed changes to the HBNR.

Proposed Changes to the HBNR

  • Revised definitions to clarify the rule’s application to health apps and similar technologies not covered by HIPAA.
  • Clarification on “breach of security” to include unauthorized acquisition and unauthorized disclosure of identifiable health information due to data security breach or other reasons.
  • Revised “PHR related entity” definition to clarify that only entities that access or send unsecured PHR identifiable information to a personal health record qualify under the HBNR.
  • Clarification on what constitutes PHR identifiable health information.
  • Authorization of expanded use of email and other electronic means to provide clear and effective notice of a breach to consumers.
  • Expansion of required content in breach notices to include potential harm stemming from the breach and the names of any third parties with acquired unsecured personally identifiable health information.
  • Changes designed to improve the rule’s readability and promote compliance.

Public Feedback Period

The public has 60 days from the date of publication in the Federal Register, which is May 18, to provide feedback on the proposed changes to the HBNR. Once processed, the comments will be posted on Regulations.gov.

Source

About Clio Nguyen

Introducing the brilliant Clio Nguyen, an esteemed author on our blog with a true dedication to health and wellness. With an impressive depth of knowledge and a commitment to staying on the cutting edge of research and trends, Clio offers invaluable insights and advice that will empower her readers to achieve a healthy life. Join her on this transformative journey and discover the keys to a healthier, happier you!

Check Also

Health heroines divulge tactics and overarching visions - NPR.

Health heroines divulge tactics and overarching visions – NPR.

Two ‘heroines of health’ share stealth strategies and big-picture … Two ‘heroines of health’ share …

Leave a Reply

Your email address will not be published. Required fields are marked *