The Federal Trade Commission (FTC) hardens data security rules for health apps and devices

FTC says it will fine digital health companies that don’t disclose data breaches (mobihealthnews): With data breaches on the rise, the FTC is looking to make health apps more accountable for telling patients when their data has been exposed. The FTC released a new statement specifying that all health apps that capture sensitive patient information must notify users, the commission itself and in some cases the media when a security breach has compromised identifiable health data. If a company fails to do so, it could face a fine of $43,792 per day of violation. The ruling is actually more than ten years old, but according to the FTC statement, it was never enforced and was misunderstood by many companies. The ruling includes vendors of personal health records (PHR) and PHR-related functions, which draw information from multiple sources. This new statement specifies that apps which draw information from multiple outlets (i.e. ones that pull in wearable data through an API and also collect user input) are now subject to this ruling. The commission said that apps that “track diseases, diagnoses, treatment, medications, fitness, fertility, sleep, mental health, diet and other vital areas.”

The Announcement: FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule (press release): The Federal Trade Commission today issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health informat...
Source: SharpBrains - Category: Neuroscience - Source Type: blogs