Lawmakers Urge FTC to Enforce Health Breach Notification Rule


Members of Congress are again calling on the Federal Trade Commission (FTC) to begin using its existing authority to protect personal health data. In particular, they are demanding the FTC take enforcement action against certain fertility-tracking mobile apps that allegedly violate the decade-old FTC Health Breach Notification Rule, which covers certain entities not regulated under HIPAA.

The FTC's Health Breach Notification Rule, which is part of the American Recovery and Reinvestment Act of 2009, addresses privacy issues related to personal health records, including certain mobile apps, the lawmakers write.

For the most part, the HIPAA rules - enforced by the Department of Health and Human Services' Office for Civil Rights - do not cover health data shared directly by consumers with technology vendors outside of healthcare settings, as is the case with many fertility-tracking apps.

The lawmakers urged the FTC to take enforcement action against fertility-tracking mobile apps that violate the Health Breach Notification Rule or "other applicable regulations," citing the Flo menstruation-tracking app and Premom fertility-tracking app as examples.

Ashley Thomas predicts FTC enforcement may be increasing in cases involving health data privacy and security issues. Ashley states that even though the FTC was pretty active in bringing privacy and data security cases during the Trump administration, it is highly likely that it will become even more of a focus in the new administration.
