FTC Health Breach Notification Rule: Expanding Scope and Enforcement
In August 2009, the Federal Trade Commission (FTC) issued the Health Breach Notification Rule (Breach Rule), which requires vendors of personal health records and related entities to provide notice to consumers following a breach. After over a decade without any enforcement of the Breach Rule, the FTC issued a policy statement in September 2021 clarifying that health apps and connected device companies must comply with the Breach Rule. Jon Moore, Chief Risk Officer and Senior Vice President of Consulting Services, Clearwater, speaks with Ty Kayam, Attorney, Microsoft, and Adam Greene, Partner, Davis Wright Tremaine LLP, about the history of the Breach Rule, the FTC’s new interpretation, and potential future enforcement. Adam and Ty recently authored an AHLA Briefing on this subject. From AHLA’s Health Information and Technology Practice Group. Sponsored by Clearwater.