Skip to content

NAI Regulatory Summary and Analysis: Statement of the Federal Trade Commission on Breaches by Health Apps and Other Connected Devices

The NAI has published a Regulatory Summary and Analysis in response to the FTC’s September 2021 Policy Statement on the Health Breach Notification Rule, and its recent guidance updated in January 2022.

In September 2021, the Federal Trade Commission issued a Policy Statement that is intended to clarify the scope of the FTC’s Health Breach Notification Rule (“The Rule”). The purpose of the Rule, finalized in 2009, was to hold non-HIPAA entities accountable in cases of health data breaches by requiring them to notify relevant stakeholders, such as U.S. consumers and the FTC.

The Policy Statement published in September 2021 signals the FTC’s intent to expand enforcement under the Rule, and it interprets the following elements more broadly: (1) covered entities, (2) covered health information, and (3) breach of security.

Similar Posts

Public Policy Leadership for Ad-Tech Companies

February 16, 2021
The Network Advertising Initiative (NAI) is the leading ad-tech industry association, helping member companies navigate the increasingly challenging legal and regulatory environment. The NAI’s advocacy program also promotes and protects
Read More