Skip to main content
Skip to navigation

Regulatory Policy

Mobile health apps must follow FTC breach notice rule after update

By Adrianne Appel2024-04-26T18:49:00

Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s (FTC) health breach notification rule (HBNR), part of a broad update approved by the agency.

Many providers of direct health services, such as hospitals and doctors, are required to protect personal information under the Health Insurance Portability and Accountability Act (HIPAA). The HBNR pertains to health entities not beholden to HIPAA, such as certain vendors of health records, and requires them to notify individuals about data incidents.

The FTC has applied the HBNR to mobile health applications, as its recent enforcement actions against GoodRx and Easy Healthcare show.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
Cerebral set to pay $7M over alleged patient data sharing

2024-06-12T02:05:00Z By Jeff Dale

The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.
News Brief
State AGs tell UnitedHealth to do more in cyberattack aftermath

2024-04-30T20:18:00Z By Adrianne Appel

UnitedHealth Group’s response to a major cyberattack in February that wreaked havoc with medical payments nationwide has been “inadequate” and must be improved immediately, a group of 22 state attorneys general told the company.
News Brief
Williams-Sonoma fined record $3.2M over admitted ‘Made in USA’ order violations

2024-04-29T18:50:00Z By Jeff Dale

Kitchen and home retail company Williams-Sonoma agreed to pay nearly $3.2 million for failing to comply with a 2020 administrative order by the Federal Trade Commission prohibiting its marketing of imported goods as made in the United States.

More from Regulatory Policy

Article
Bank of England tightens liquidity requirements for U.K. banks

2026-03-25T20:37:00Z By Ruth Prickett

U.K. banks must reassess how quickly they could monetize their assets in the event of a crisis under new rules proposed by the Bank of England’s regulatory body, the Prudential Regulation Authority. The proposals are the first changes to the liquidity rules since these were updated in the aftermath of ...
Article
Europe’s groundbreaking crypto rules put at risk by delays in implementation

2026-03-24T21:25:00Z By Neil Hodge

Europe may have taken the lead in attempting to regulate cryptoasset firms before any other major jurisdiction, but a year after the ground-breaking rules came into force, it does not necessarily follow that they are robust or that the industry they are meant to hold accountable is embracing them.
Article
Compliance must focus on corruption as EU and U.K. seek to tackle rising risks

2026-03-19T14:50:00Z By Ruth Prickett

Corruption isn’t something that happens somewhere else, in other countries and committed by other people. Nowhere is corruption-proof, and new rules being introduced in the EU and the U.K. aim to focus compliance officers on the full gamut of risks in all jurisdictions and every sector.