FTC revised Health Breach Notification Rule now in effect
PharmaLive
|
Contributed by: Drex DeFord
Summary
The Federal Trade Commission (FTC) has updated its Health Breach Notification Rule (HBNR), effective July 29, 2024, to address the evolving landscape of health data privacy. The revised rule now explicitly includes health apps and connected devices, such as wearables, under its purview and defines a breach to include unauthorized disclosures of personal health information to third-party platforms like Facebook and Google. Key changes involve new definitions of “PHR identifiable health information,” expanded requirements for breach notifications, and specific timeframes for informing both consumers and the FTC in case of data security breaches. The rule emphasizes the importance of protecting personal health data amid increasing data collection and usage for marketing purposes.