- Topics
- Regions
- Events
- Webcasts
- Resources
- CW Exclusives
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
Mobile health apps must follow FTC breach notice rule after update
By 
Adrianne Appel2024-04-26T18:49:00
Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s (FTC) health breach notification rule (HBNR), part of a broad update approved by the agency.
Many providers of direct health services, such as hospitals and doctors, are required to protect personal information under the Health Insurance Portability and Accountability Act (HIPAA). The HBNR pertains to health entities not beholden to HIPAA, such as certain vendors of health records, and requires them to notify individuals about data incidents.
The FTC has applied the HBNR to mobile health applications, as its recent enforcement actions against GoodRx and Easy Healthcare show.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefCerebral set to pay $7M over alleged patient data sharing
The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.
-
News BriefState AGs tell UnitedHealth to do more in cyberattack aftermath
UnitedHealth Group’s response to a major cyberattack in February that wreaked havoc with medical payments nationwide has been “inadequate” and must be improved immediately, a group of 22 state attorneys general told the company.
-
News BriefWilliams-Sonoma fined record $3.2M over admitted ‘Made in USA’ order violations
Kitchen and home retail company Williams-Sonoma agreed to pay nearly $3.2 million for failing to comply with a 2020 administrative order by the Federal Trade Commission prohibiting its marketing of imported goods as made in the United States.
More from Regulatory Policy
-
PremiumExperts say DORA compliance not coming easy as more firms pass buck to IT providers
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
-
News BriefTrump gives TikTok 75-day reprieve after ban goes into effect
President Donald Trump signed an executive order Monday delaying the Department of Justice (DOJ) from enforcing the long-awaited TikTok ban. While the social media platform’s fate is still up in the air, Trump signaled his support for it being sold, with the U.S. as a “partner.”
-
PremiumThe Rise, Fall, and Rise of Crypto: Lessons from FTX amidst a changing regulatory landscape
As President Trump assumes power, the crypto industry is in the spotlight. Trump has tapped popular crypto advocate Paul Atkins to lead the SEC, and crypto proponents feel positive about gaining fast-tracked guidance. Crypto experts and industry leaders share insights into what the industry needs from regulators to drive innovation. ...