The Federal Trade Commission is being urged to update its health breach notification regulations as the public comment period for its proposed modifications ended Aug. 8, reports The Record, a news site by cybersecurity firm Recorded Future.
Many of the 117 organizations and individuals left comments pointing out the significant privacy issues users face.
The independent agency has proposed a number of changes, including clarifying that health apps and other similar non-HIPAA technologies can be subject to the health breach reporting requirement; defining what constitutes a "breach of security" in the context of the regulation to include illegal acquisition of identifiable health information resulting from unauthorized disclosure or a data security breach; and extending guidelines for the type of information shared to consumers whose data has been compromised.