FTC Announces Reforms to the Health Breach Notification Rule

May 16, 2024

On April 26, 2024, the Federal Trade Commission (“FTC” or the “Commission”) announced changes to the Health Breach Notification Rule (“HBNR”), which requires certain entities not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) to notify consumers, the FTC, and, in some cases, the media of breaches of unsecured personally identifiable health data.

The final rule seeks to address technological and industry advancements since the original HBNR was adopted in 2009 by clarifying the rule’s applicability to direct-to-consumer health technologies (such as fitness trackers) which have proliferated in recent years. The final rule also expands the information that covered entities must provide to consumers when notifying individuals of a data breach.

Please click here to continue reading on the Cleary Cybersecurity and Privacy Watch blog.