The US Federal Trade Commission (FTC) has issued a statement on the Health Breach Notification Rule, providing clarification on which parties bear responsibility when there is a data breach in health apps and other connected devices.
According to a statement from the agency, the rule ensures that entities not covered by the Health insurance Portability and Accountability Act (HIPAA) still face consequences when health data is compromised. It requires vendors of personal health records (PHR) and PHR-related entities must notify consumers and the FTC, and possibly the media, if unsecured identifiable health information is breached or face civil penalties. It also covers these entities’ service providers.
Simply put, the statement says those entities covered by the rule which have experienced breaches cannot hide this from the consumers who have trusted them with sensitive health information.
Issued more than a decade ago, the rule’s requirements with respect to health apps and connected devices are more important than ever with the explosion in their use. While the FTC has advised mobile health app to examine their obligations under the rule, the agency has never enforced it and many entities appear to misunderstand its requirements, according to the statement.
The statement goes on to explain that the rule is triggered when a vendor of PHR with individually identifiable health information created or received by a healthcare provider experiences a breach of security. These breaches are not limited to cybersecurity intrusions or nefarious actions. Incidents of unauthorized access, including sharing of covered information without the individual’s consent, triggers the notification obligation of the rule.
The COVID-19 pandemic has exposed the cybersecurity gaps of many healthcare organizations and saw an increase in attacks from bad actors.
Some tips to keep your practice safe include:
Medicare’s G2211 and thoughts on how to best use it in urology
May 1st 2024"We felt that it was important to again address this topic because we have received numerous questions regarding the correct use of this code and we have had some experience using the code now that it is active and been able to observe some of the initial payment processing by the payer," write Jonathan Rubenstein, MD, and Mark Painter.
Experts develop guide on online tools to reduce costs of urologic drugs
April 22nd 2024"At a time when patients are increasingly concerned about prescription drugs, this information will provide a useful starting point for making essential medications as affordable as possible," says Ruchika Talwar, MD.