noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Textron Aviation Inc.

Textron Aviation presents best and final offer to International[...]
John Kennedy

Senate passes Kennedy backed bill to make Biden Harris admin’s DHS[...]
U.S. House of Representatives[...]

Full Committee Markup Recap: E&C Advances 15 Bills to the Full House

Politics and Policy

Federal Trade Commission

01/21/2022 | News release | Distributed by Public on 01/21/2022 13:59

Revised Health Breach Notification Rule resources spell out companies’ legal obligations

Shoppers can find a plethora of apps, trackers, and sensors that hold or capture almost every conceivable form of personal health information. If your business or nonprofit offers products like that or provides certain services to entities that do - and you aren't subject to HIPAA - you may be covered by the FTC's Health Breach Notification Rule (HBNR). The FTC has two new publications to help determine if the Rule applies to you and the steps you must take if there's a breach. The FTC also unveiled another new resource to help you meet your compliance obligations.

Entities covered by the Health Breach Notification Rule must notify their customers, the FTC, and, in some cases, the media if there's a breach of unsecured, individually identifiable health information. In September 2021, the Commission issued a Policy Statementclarifying that the Rule applies to makers of health apps, connected devices, and similar products. A breach under the HBNR includes both cybersecurity intrusions and instances of unauthorized access - for example, when sensitive health information is disclosed without the user's authorization.

Looking for a sticky note-sized recap of what the Rule requires? Health Breach Notification Rule: The Basics For Business offers a quick introduction. If you need more detailed guidance, Complying With the FTC's Health Breach Notification Rule addresses who's covered, what triggers notification, and what to do if a breach occurs, including the who, when, how, and what of notification. In addition, you'll find FAQs with answers to questions HBNR-covered organizations are asking.

Even if a business isn't covered by the Health Breach Notification Rule, the FTC has used Section 5's prohibition on deceptive and unfair practices to challenge illegal conduct related to the use of consumers' health information. Of course, prevention is the best medicine, so we've created a new Health Privacypage for businesses where you'll find cases, blog posts, and other materials to help companies - especially small businesses - honor established legal standards. The page includes a can't-miss-it link that entities covered by the Rule can use to report breaches of health information.

Sharing and Personal Tools

Please select the service you want to use:

Back

View original format