IDEAS home Printed from https://ideas.repec.org/a/aza/jdpp00/y2024v7i1p41-50.html
   My bibliography  Save this article

Changes to the Federal Trade Commission (FTC) Health Breach Notification Rule closes some gaps but adds some ambiguity

Author

Listed:
  • Car, Trinity

    (Managing Counsel, Privacy, Syneos Health, USA)

  • Rostolsky, Brad

    (Shareholder, Greenberg Traurig, USA)

Abstract

On 26th April, 2024, the Federal Trade Commission (FTC) issued a final rule amending the 2009 Health Breach Notification Rule (HBNR). The primary aim of the Final Rule is to close gaps between the preceding version of the FTC's breach notification rule and the protections offered by the breach notification regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The FTC focused on the personal data regularly processed by direct-to-consumer Health Apps, which represent a growing segment of the healthcare industry not regulated by HIPAA. This paper provides an in-depth analysis of the changes introduced by the Final Rule, the implications for businesses not regulated by HIPAA, and the potential operational ripple effects for many businesses now regulated under the Final Rule. It also discusses the updated individual notification obligations and the need for impacted individuals to be made aware of potential risks while balancing issues related to notice fatigue.

Suggested Citation

  • Car, Trinity & Rostolsky, Brad, 2024. "Changes to the Federal Trade Commission (FTC) Health Breach Notification Rule closes some gaps but adds some ambiguity," Journal of Data Protection & Privacy, Henry Stewart Publications, vol. 7(1), pages 41-50, November.
    • Handle: RePEc:aza:jdpp00:y:2024:v:7:i:1:p:41-50
    as

    Download full text from publisher

    File URL: https://hstalks.com/article/8927/download/
    Download Restriction: Requires a paid subscription for full access.
    File URL: https://hstalks.com/article/8927/
    Download Restriction: Requires a paid subscription for full access.
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    More about this item

    Keywords

    Health Breach Notification Rule; Federal Trade Commission; personal health records; HIPAA; data privacy; mobile health apps;
    All these keywords.

    JEL classification:

    • K2 - Law and Economics - - Regulation and Business Law

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:aza:jdpp00:y:2024:v:7:i:1:p:41-50. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Henry Stewart Talks (email available below). General contact details of provider: .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.