FTC Health Breach Notification Rule: Expanding Scope and Enforcement

In August 2009, the Federal Trade Commission (FTC) issued the Health Breach Notification Rule (Breach Rule), which requires vendors of personal health records and related entities to provide notice to consumers following a breach. After over a decade without any enforcement of the Breach Rule, the FTC issued a policy statement in September 2021 clarifying that health apps and connected device companies must comply with the Breach Rule. Jon Moore, Chief Risk Officer and Senior Vice President of Consulting Services, Clearwater, speaks with Ty Kayam, Attorney, Microsoft, and Adam Greene, Partner, Davis Wright Tremaine LLP, about the history of the Breach Rule, the FTC’s new interpretation, and potential future enforcement.

Related Blogs

Clear Perspective: Managing Significant Changes in PCI DSS 4.0

PCI DSS 4.0 introduces new guidelines that require organizations to define, evaluate, and document significant changes in their cardholder data environments. But what exactly counts as a "significant change," and how should businesses categorize and track them? Our expert guests provide practical insights and recommendations to help organizations stay compliant.

Clear Perspective: HITRUST Assessments- Key Insights for First-Timers

In this episode, we discuss some challenges first-time clients encounter when seeking HITRUST. Clearwater HITRUST Assessors will discuss the paths of a validated e1 and an i1 certification and clarify the various ways to indicate how an organization assesses and responds to the controls it has in scope for its assessment. They also discuss when and how to use the non-applicable vs. zero population. If you're curious about these nuances, listen to the discussion. 
