National Law Review October 20, 2021
The Federal Trade Commission (“FTC”) recently issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by so-called “health apps.” According to the FTC press release, the Commission approved, by a vote of 3-2, a policy statement offering guidance that organizations using “health applications and connected devices” to “collect or use” consumers’ personal health information must comply with the cybersecurity, privacy and notification mandates of the Health Breach Notification Rule (the “Rule”).
The FTC’s policy statement, entitled “On Breaches by Health Apps and Other Connected Devices,” attempts to clarify the Rule by stating that mobile health applications and interactive tools used by organizations that are not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) are regulated by...