Share this article on:
The US Federal Trade Commission has published a set of proposed changes to its Health Breach Notification Rule, aimed at strengthening and broadening the reporting requirements of the rule.
The changes would mean that the scope of the HBN rule would now cover “developers of many health applications”, and updates the definition of a security breach to include unauthorised disclosures and data breaches. It also broadens the definition of personal health records while also clarifying “what it means for a vendor of personal health records to draw PHR identifiable health information from multiple sources”.
The rule changes also propose modernising the methods of notice while also expanding the content that is required to go into said notices.
Finally, the changes improve the readability of the rule by “clarifying cross-references and adding statutory citations, consolidating notice and timing requirements, and articulating the penalties for non-compliance”.
The changes are based on a 2021 policy statement that was opposed by two Republican members of the commission who have since resigned, allowing the Democrat majority of commissioners to move ahead with the update.
“As an outgrowth of the COVID-19 pandemic, consumers’ use of health-related technologies has increased significantly,” said Lina Khan, chair of the FTC, during a public meeting on Thursday (18 May).
“Once published in the Federal Register, the rule-making proposal will be open to public comment for 60 days,” Khan said.
“Companies these days are collecting, using, and disposing of vast amounts of consumers’ sensitive data. Consistent with the commission’s priorities, we are committed to [using] every tool available to protect the American public from privacy harms — not just through longer privacy policies and more boxes to check, but through real guardrails on the use and abuse of people’s sensitive information.”
The FTC has published the full set of proposals for public comment, with stakeholders having 60 days to have their say on the changes.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.