In August 2009, the Federal Trade Commission (FTC) issued the Health Breach Notification Rule (Breach Rule), which requires vendors of personal health records and related entities to provide notice to consumers following a breach. After over a decade without any enforcement of the Breach Rule, the FTC issued a policy statement in September 2021 clarifying that health apps and connected device companies must comply with the Breach Rule. Jon Moore, Chief Risk Officer and Senior Vice President of Consulting Services, Clearwater, speaks with Ty Kayam, Attorney, Microsoft, and Adam Greene, Partner, Davis Wright Tremaine LLP, about the history of the Breach Rule, the FTC’s new interpretation, and potential future enforcement.
Healthcare security has seen breaches that could have been prevented if MFA had been better designed and deployed. ...