FTC warns of responsibility in health app breaches

The agency wants to give clarity to the Health Breach Notification Rule.

Because of the prevalence of apps and connected devices transferring health data, the Federal Trade Commission (FTC) is offering clarity on the Health Breach Notification Rule.

According to a statement from the agency, the rule ensures that entities not covered by the Health Insurance Portability and Accountability Act (HIPAA) still face consequences when health data is compromised. It requires that vendors of personal health records (PHR) and PHR-related entities notify consumers and the FTC, and in some cases the media, if unsecured identifiable health information is breached, or face civil penalties. It also covers these entities’ service providers.

Simply put, the statement says those entities covered by the rule which have experienced breaches cannot hide this from the consumers who have trusted them with sensitive health information.

Issued more than a decade ago, the rule’s requirements with respect to health apps and connected devices are more important than ever given the explosion in their use. While the FTC has advised mobile health apps to examine their obligations under the rule, the agency has never enforced it, and many entities appear to misunderstand its requirements, according to the statement.

The statement goes on to explain that the rule is triggered when a vendor of PHR with individually identifiable health information created or received by a healthcare provider experiences a breach of security. These breaches are not limited to cybersecurity intrusions or nefarious actions: incidents of unauthorized access, including sharing of covered information without the individual’s consent, trigger the rule’s notification obligation.

Cybersecurity concerns

The COVID-19 pandemic has exposed the cybersecurity gaps of many healthcare organizations and has brought an increase in attacks from bad actors.

Some tips to keep your practice safe include:

  • Protect your internet connection
  • Protect wi-fi hotspots
  • Protect your windows
  • Secure wi-fi access
  • Limit wi-fi access time
  • Use a VPN for remote access
  • Beware of your printer and copier
  • Always have a backup