CTA Stance on FTC Proposed Changes
Protecting Health Data Privacy: CTA’s Stance on FTC’s Proposed Changes
Editor's Note: Nice article by Rachel Nemeth explaining the CTA's opposition to, or comments on, the FTC NPRM.
In mid-May, the Federal Trade Commission (FTC) proposed modifications to the Health Breach Notification Rule, sparking an important discussion on health data privacy. As North America’s largest technology trade association, the Consumer Technology Association (CTA) stands committed to protecting personal health data while supporting innovation. However, certain aspects of the proposed rule have raised concerns.
Some background first.
The Health Breach Notification Rule requires certain entities (like businesses and non-profits) that are not covered by HIPAA (which covers most hospitals, doctors’ offices and insurance companies) to notify customers and the FTC if there’s a breach of health data information.
Congress directed the FTC to implement this Rule via the Health Information Technology for Economic and Clinical Health Act (HITECH Act), but the recent proposed changes extend beyond Congress’ originally intended scope. The fundamental purpose of the Rule is to facilitate timely notification of significant health data breaches – not broadly regulate health data.
CTA responded to the FTC.
While CTA shares the FTC’s priority of protecting personal health data privacy and security, we find certain proposals impractical, unhelpful for consumers, and unduly burdensome. This week, CTA officially responded to the FTC on these unnecessary proposals.
Our full comments are available here, but below is a summary of what we said:
Scope of Covered Parties should be limited.
The scope of the entities covered by the Rule should be limited, consistent with the original intent of the HITECH Act. This means excluding merchants who sell diverse products, but including apps that collect health data from various sources. Additionally, exclude service providers like cloud computing, analytics, and advertising, especially if they are not intentionally handling covered health data.
Scope of a “Breach of Security” should be narrowed.
The Rule should focus on unauthorized “acquisition” of covered health data, excluding accidental or well-intentioned unauthorized access or sharing where the information isn’t actually taken by a third party. This avoids reporting minor incidents and wasting resources. CTA supports not defining “authorization” as it goes beyond the Rule’s purpose. CTA also recommends adding exceptions for “unauthorized” data taking, similar to HIPAA and state privacy laws, to enhance regulatory clarity.
Arbitrary reporting timelines and triggers should be avoided.
The Commission should replace fixed timelines for reporting breaches based on when a company finds a potential security issue. Instead, reporting should happen when a company reasonably confirms an actual security breach and should offer more time for certain incidents. This approach decreases unnecessary reports, lets companies focus on investigating possible issues, and aligns better with state data breach reporting laws.
Notice procedures should be simplified.
Simplifying the consumer notice form and content ensures actionable information reaches consumers efficiently. Streamlining email notifications and avoiding speculative breach risk requirements improves communication clarity.
In conclusion, CTA remains committed to working with the FTC in creating a balanced, practical, and consumer-focused Health Breach Notification Rule. One of our goals is to safeguard personal health data privacy and security while fostering innovation and economic growth. Considering industry feedback and recommendations will ensure a Rule that enhances consumer trust, protects data, and supports the continued growth of the technology industry.
Together, we can build a secure and innovative digital future for all.
ADA Regulations Update – U.S. Access Board and ANSI
ADA Regulations Update June 2023
June 15, 2023 — New updated dates for US Access Board NPRMs for EV and POS. Also, ANSI has just released their new EV standards, which include ADA considerations. Thanks to Steve Taylor with TaylorPOS for reminding us of the NPRM dates.
Accessibility Guidelines for Self-Service Transaction Machines
This rulemaking would amend the Architectural and Transportation Compliance Board’s existing accessibility guidelines for buildings and facilities under the Americans with Disabilities Act (ADA) and the Architectural Barriers Act (ABA), located at 36 CFR part 1191, to include guidelines for the accessibility of fixed self-service transaction machines, self-service kiosks, information transaction machines, and point-of-sale devices. The U.S. Department of Transportation and U.S. Department of Justice are expected, via separate rulemakings, to adopt these amended guidelines as enforceable standards for devices and equipment covered by the ADA. RIN: 3014-AA44
Timetable:
ACTION | DATE | FR CITE |
---|---|---|
ANPRM | 09/21/2022 | 87 FR 57662 |
ANPRM Comment Period End | 11/21/2022 | |
NPRM | 12/00/2023 | |
Accessibility Guidelines for Electric Vehicle Charging Stations
Electric vehicle (EV) charging stations are becoming commonplace with the rising production and use of electric and plug-in hybrid vehicles. According to the U.S. Department of Energy, there are nearly 50,000 public EV charging stations with almost 127,000 charging ports across the country. The Infrastructure Investment and Jobs Act, signed into law in November 2021, allocates $7.5 billion to construct a national network of 500,000 EV charging stations to accelerate the adoption of EVs. It is expected that the installation and use of EV charging stations will continue to expand; however, at present, there are no federal regulations specifying accessibility requirements for EV charging stations to ensure that they are accessible to and useable by persons with disabilities. The Access Board thus intends to publish a notice of proposed rulemaking to supplement its Accessibility Guidelines under the Americans with Disabilities Act (ADA) and Architectural Barriers Act (ABA) with scoping and technical requirements for electric vehicle charging stations. RIN: 3014-AA48
ANSI Publishes Roadmap of Standards and Codes for Electric Vehicles at Scale
New York, June 14, 2023: The American National Standards Institute (ANSI) announced today the publication of the Roadmap of Standards and Codes for Electric Vehicles at Scale developed by the Institute’s Electric Vehicles Standards Panel (EVSP). The roadmap’s primary focus is on light-duty, on-road plug-in electric vehicles (EVs) that are recharged via a connection to the electrical grid, as well as the supporting charging infrastructure needed to power them. Medium and heavy-duty EVs are also covered, as is wireless charging. A total of 37 standardization gaps are identified with corresponding recommendations across the topical areas of vehicle systems, charging infrastructure, grid integration, and cybersecurity. It is hoped that the roadmap will see broad adoption by the user community and will facilitate a more coherent and coordinated approach to the future development of standards for EVs.
The Kiosk Manufacturer Association (KMA) is an Associate Sponsor. (UL is the premier sponsor)
ADA Excerpt:
(c) The Americans with Disabilities Act of 1990 (ADA), and implementing regulations, apply to EV charging stations by prohibiting discrimination on the basis of disability by public and private entities. EV charging stations must comply with applicable accessibility standards adopted by the Department of Transportation into its ADA regulations (49 CFR part 37) in 2006, and adopted by the Department of Justice into its ADA regulations (28 CFR parts 35 and 36) in 2010. 45 The U.S. Access Board, an independent federal agency that issues accessibility guidelines under the Americans with Disabilities Act (ADA), Architectural Barriers Act (ABA), Rehabilitation Act of 1973, and other laws, has provided a technical assistance document “Design Recommendations for Accessible Electric Vehicle Charging Stations” 46 to assist in the design and construction of electric vehicle (EV) charging stations that are accessible to and usable by people with disabilities. In the Fall 2022 Unified Agenda and at recent Board Meetings, the Access Board announced that it anticipates a Notice of Proposed Rulemaking (NPRM) for EVSE towards the end of the summer of 2023. Noting the expected continuing expansion and use of EV charging stations, the Board noted in relevant part that: [T]here are no federal regulations specifying accessibility requirements for EV charging stations to ensure that they are accessible to and useable by persons with disabilities. The Access Board thus intends to publish a notice of proposed rulemaking to supplement its Accessibility Guidelines under the Americans with Disabilities Act (ADA) and Architectural Barriers Act (ABA) with scoping and technical requirements for electric vehicle charging stations. 47
44 https://www.federalregister.gov/d/2023-03500/p-385
45 https://www.federalregister.gov/d/2023-03500/p-465
46 The Access Board, “Design Recommendations for Accessible Electric Vehicle Charging Stations,” last updated 7/21/2022, accessed 3/13/2023, https://www.access-board.gov/tad/ev/
47 The Access Board, “Accessibility Guidelines for Electric Vehicle Charging Stations,” RIN: 3014-AA48, Fall 2022, accessed 2/13/2023, https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202210&RIN=3014-AA48
The DOE Clean Cities Coalition Network provides best practices for installing ADA-compliant EV charging stations. 48
In addition, the California Division of the State Architect has developed accessibility requirements for EV charging, which are part of the California Building Code. 49
The 2021 International Building Code® (IBC®), section 1107, provides that no less than 5% of vehicle spaces at an EV charging site, and not fewer than one space for each type of EV charging system, shall be accessible. 50 This is not required for R-2, R-3, and R-4 occupancies. In terms of standards activity, ICC A117.1—2017 Accessible And Usable Buildings And Facilities, section 502.11, provides requirements that EV charging stations comply with requirements for operable parts (card readers) and are free of obstructions between the charging station and the adjacent parking space. 51 As noted, there is some policy activity anticipated. At this time, no codes and standards gap has been identified.
Screen Reader Software for ADA
Vispero/TPGi Listed in AWS Marketplace for the U.S. Intelligence Community
A couple of screen reader news items, both from Vispero, the leader with JAWS Kiosk software. From PR Newswire: Vispero/TPGi software is now available to 18 U.S. Intelligence Agencies in AWS Marketplace.
CLEARWATER, Fla., June 7, 2023 /PRNewswire/ — Vispero® and TPGi®, global leaders in accessibility software and services, today announced the availability of their offerings in the AWS Marketplace for the U.S. Intelligence Community (IC). The AWS Marketplace for the U.S. IC offerings includes a broad array of common software infrastructure, developer tools, and business software products that support the unique needs of the U.S. IC through improved security, increased mission impact, and cost savings. TPGi’s Accessibility Resource Center (ARC) software allows companies of all sizes to manage accessibility programs via one powerful integrated dashboard and to access a central repository of over 600 KnowledgeBase articles from worldwide experts in accessibility.
“We are pleased to offer our software in the AWS Marketplace for the U.S. IC to help government agencies assure their digital assets are usable by all employees and citizens while complying with Section 508 and accessibility standards,” said Matt Ater, Vice President of Vispero.
AWS Marketplace for the U.S. IC provides the same purchasing convenience, open and transparent license terms and conditions, and a variety of pricing models, including hourly usage and annual subscription, as the commercial AWS Marketplace. It also supports Bring-Your-Own-License (BYOL) so that agencies can more easily migrate existing software licenses and applications to the cloud. For more information on AWS Marketplace for the U.S. IC, contact [email protected].
About Vispero
Vispero is a global leader in assistive technology products for those with vision impairments. Freedom Scientific, TPGi, Enhanced Vision, and Optelec, all Vispero brands, have a long history of innovation for customers with accessibility needs. Today our product portfolio is considered one of the most diverse and reliable on the market.
About TPGi
TPGi provides digital accessibility software and services to help businesses reduce risk, grow revenue, and improve user experience. With over 20 years of experience and 21 employees actively influencing accessibility standards on the World Wide Web Consortium (W3C), TPGi offers the most robust knowledge base and accessibility expertise in the industry as well as award-winning self-service kiosk software. Our tailored approach has enabled 1000+ customers to achieve the best outcomes for their businesses, their employees, and their consumers.
SOURCE TPGi LLC
Disability:IN show in Orlando in July
Join Vispero® and TPGi at the #DisabilityInclusion event of the year. You can stop by our booth and check out Matt Ater speak during “Creating A Culture Beat: Drumming Up Support for Digital Accessibility.”
We can’t wait to meet you there!
Learn more about Disability:IN 2023: https://lnkd.in/gEBhNDWT
Patient Kiosk Demo at HIMSS 2023 with ADA
Healthcare Kiosk Demo
Published on Healthcareittoday.com – Author John Lynn
In Brief
- Nicky Shaw, US Operations Manager at Storm Interface, does the demo
- Demonstration of an accessibility device as part of a check-in kiosk
- Inability to use the touchscreen is the benefit
- Kiosk has a Storm Audiopad installed by Kiosk Innovations, with screen reader software by Vispero (JAWS Kiosk)
- Audio and tactility are the key features
- Demo done at HIMSS 2024
- A second kiosk by Pyramid America is part of the demo
Excerpt:
One of the most interesting opportunities at the HIMSS annual conference is the chance to see demos of a wide variety of health IT solutions. At this year’s event, we decided to film a number of demos of interesting health IT products that we thought readers of Healthcare IT Today would find useful. If you want to see all of these demos as we share them, be sure to subscribe to the Healthcare IT Today YouTube channel.
The first demo I’m excited to share is by Nicky Shaw, US Operations Manager at Storm Interface. Shaw demonstrates how you can take a healthcare kiosk and make it accessible for those who may have visual or other impairments.
Listen and subscribe to the Healthcare IT Today Interviews Podcast to hear all the latest insights from experts in healthcare IT.
Walmart Health Expanding in Oklahoma
Walmart Healthcare News
Health centers in the Oklahoma City area will be approximately 5,750 square feet, located beside Walmart Supercenters, and will feature Walmart Health’s full suite of health services. Noted on FierceHealthcare
In Brief Summary
- 2024 is target
- Oklahoma City will get a couple
- Other states expanding include Missouri, Arizona and Texas
- Walmart and United Healthcare partnering
Excerpt
The health centers in the Oklahoma City area will be approximately 5,750 square feet, located beside Walmart Supercenters, and will feature Walmart Health’s full suite of health services. These services may vary by location but include primary care, labs, X-ray and EKG, behavioral health, dental, hearing, select specialty services, community health and telehealth.
Walmart inked a partnership with health IT behemoth Epic back in 2021 to use its electronic health records system to connect records across all of its healthcare services, including virtual care. Epic’s technology will eventually support all of Walmart’s health and wellness lines of business.
EPIC Goes AI (and so does eClinicalWorks) – from HIMSS 2023
EPIC Goes AI
From fiercehealthcare.com 4/18
Announcement from HIMSS by EPIC that it is collaborating with Microsoft and Azure OpenAI services on AI services. They are not showing any live demo.
In Brief Summary
- reduces administrative burden with message response
- UC San Diego Health, UW Health in Madison and Stanford Health Care
- A lot like restaurants where the people don’t need to do it anymore and can focus on more important tasks
- EPIC SlicerDicer will see integration – nice explanation on UC Davis – interestingly UC Dicer is Citrix. Here is the SlicerDicer description: SlicerDicer is a self-service reporting tool that provides physicians, department managers, and other users with intuitive and customizable data exploration abilities.
- According to KLAS (respected) EPIC is 33% share of acute care hospitals in the U.S. market
- 2022 Numbers— Globally 2130 use EPIC and Oracle Cerner is 2389. EPIC increased its share from 2021.
- EPIC in 2021 had a series of news where its AI was delivering inaccurate info.
- In November 2022 EPIC announced deal with Google Cloud for AI (Hackensack Meridian Health)
Excerpt
Health systems and hospitals are facing intense financial pressure with rising costs and increasingly tight margins. Approximately half of U.S. hospitals finished 2022 with negative margins as widespread workforce shortages and increased labor expenses, as well as supply disruptions and inflationary effects, caused expenses to meaningfully outpace revenue increases, according to data from Kaufman Hall.
Resources
- Epic, Microsoft team up to let AI help answer medical questions
- Microsoft and Epic expand strategic collaboration with integration of …
- Oracle and NVIDIA Partner to Speed AI Adoption for Enterprises
- Oracle’s Cerner Enviza to use AI to study asthma drug safety
- Epic’s AI algorithms, shielded from scrutiny by a corporate firewall …
EPIC Welcome Kiosk by KIOSK
Epic Welcome Kiosks Improving Patient Experience
The EPIC Welcome Kiosk is the standard by which all patient check-in kiosks are judged. This is KIOSK Information Systems' iteration, with a case study on it.
At a Glance – Summary
improve overall patient satisfaction
The Challenge
lengthy check-in process that involved filling out paperwork and waiting in line to see a receptionist.
The Solution – EPIC Welcome Kiosk
Implement Epic Welcome Kiosks
The Result with EPIC Welcome Kiosk
Reduced Wait Times – The kiosks have reduced wait times
Improved Data Accuracy – improved data accuracy
Social Distancing
About KIOSK Information Systems
As an industry leader in the design and manufacturing of complete self-service solutions since 1993, our team of experts provide superior service while delivering complete customized solutions.
End-to-end solutions keep deployments simple while maintaining superior uptime.
- Software Application and Hardware Enclosure Design
- Hardware Integration Module APIs that are licensable
- Flexible Volume Manufacturing
- ISO9001:2015 Certified Quality Systems
- ISO14001:2015 Certified Environmental Systems
- Turnkey Safety Agency Certifications (UL, FCC)
- Fully Managed Deployment, Monitoring, & Field Services
VA to Support Two EHR Systems Indefinitely
Cerner and VistA EHR Systems for VA
From Federal News Network March 2023
In Brief Summary
- 24 migrated and 54 slated to migrate to cloud
- Cerner went live October 2020
- Congressional leaders frustrated by lack of progress
- Another 5-10 years expected
- VistA relies on MUMPS programmers, many due to retire and no new ones coming online
- VistA doesn’t support mobile and web access very well, and no support for AI
Excerpt
The Department of Veterans Affairs is telling Congress a new multibillion-dollar Electronic Health Record is the best way to provide care for its patients — despite a troubled rollout and House lawmakers threatening to pull the plug on the project.
Whether or not the VA can get the rollout of its Oracle-Cerner EHR back on track this summer as planned, agency officials told members of the House VA Committee that the VA would need to rely on its legacy EHR, VistA, for another five-to-10 years, if not longer.
“In essence, we are supporting two EHR systems simultaneously until the Cerner implementation is complete,” Daniel McCune, VA’s executive director of software product management, told the technology modernization subcommittee in a hearing Tuesday. “In the interim, VistA remains our authoritative source of veteran data.”
VA officials told the subcommittee that VistA is not suited for meeting the agency’s long-term health care needs, but McCune said the VA plans to modernize VistA over the coming years to provide “uninterrupted care and continually improve the veteran service.”
In a survey of VA employees currently using the Oracle-Cerner EHR, 78% of respondents said the new system didn’t help them deliver high-quality care, but 64% agreed that the legacy VistA system did help them provide quality care to veterans.
Resources
- address patient safety issues
- Another separate bill to pull the plug
- resume EHR go-lives
- close to releasing a revised execution plan
Related News
- 3/10/2023 — Oracle reports Q3 results: revenue up 18%, adjusted EPS $0.68 versus $0.84, beating earnings expectations but falling just short on revenue. The company’s much-watched cloud revenue jumped 45%. ORCL shares dropped 5% in after-hours trading following the announcement as investors reacted to revenue of $12.4 billion versus the average analyst expectation of $12.41 billion. Chairman and CTO Larry Ellison highlighted the contributions of its June 2022 Cerner acquisition, saying that its healthcare contract base has increased by $5 billion. He says Oracle is pleased with those results, but expects new healthcare contract signings to accelerate further over the next few quarters. The Cerner business contributed $1.5 billion in revenue for the quarter, 12% of Oracle’s total revenue.
Telehealth News – Teladoc Historic Net Loss Reported
Teladoc Telehealth News
Teladoc said fourth-quarter revenue increased 15% year-over-year to $637.71 million, which beat average analyst estimates of $633.65 million, according to Benzinga Pro. The company reported quarterly earnings of $23.49 per share due to non-cash goodwill impairment charges of $23.26 per share.
Excluding the impairment charge, Teladoc’s net loss came in at 23 cents per share versus consensus estimates for a loss of 25 cents per share.
“Despite a challenging macro environment, we were able to expand our product offerings and enhance the level of care delivered across our integrated whole-person platform,” said Jason Gorevic, CEO of Teladoc Health.
All in all it was a bit of OMG kneejerk headline for basically pretty good news. Teladoc has been around 30 for stock share price (after hitting 34 in early Feb) and the loss knocked it down 10% to 25. It has recovered since back to 27.43 on 2/23
Dive Brief: From HealthCareDive Feb 2023
- Teladoc Health reported a historic net loss in 2022 of $13.7 billion off revenue of $2.4 billion, mostly from an impairment charge related to the shrinking value of its Livongo acquisition. By comparison, the virtual care company reported a loss of $429 million in 2021.
- The non-cash goodwill impairment charge of $13.4 billion reported over the past year reflects the waning market value of Teladoc’s $18.5 billion acquisition of chronic care company Livongo in late 2020. The impairment charge doesn’t impact the company’s financial position or its ability to invest in the business going forward, CFO Mala Murphy said on a call with investors Wednesday.
- The New York-based telemedicine vendor beat Wall Street expectations for revenue but missed on earnings in fourth-quarter earnings released aftermarket Wednesday. Teladoc also issued 2023 guidance below analyst consensus, causing stock to slide in morning trading Thursday.
FTC Proposes Amendments to Strengthen and Modernize the Health Breach Notification Rule
The Federal Trade Commission is seeking comment on proposed changes to the Health Breach Notification Rule (HBNR) that include clarifying the rule’s applicability to health apps and other similar technologies.
Since the rule’s issuance, health apps and other direct-to-consumer health technologies, such as fitness trackers, have become commonplace. The proposed changes to the rule come as business practices and technological developments increase both the amount of health data collected from consumers, and the incentive for companies to use or disclose that sensitive data for marketing and other purposes.
“We are witnessing an explosion of health apps and connected devices, many of which aren’t covered by HIPAA, collecting vast amounts of sensitive consumer health information. When this information is breached, it is more vital than ever that mobile health app developers and others covered by the Health Breach Notification Rule provide consumers and the FTC with timely notice about what happened,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The proposed amendments to the rule will allow it to keep up with marketplace trends, and respond to developments and changes in technology.”
The rule requires vendors of personal health records (PHR) and related entities that are not covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals, the FTC, and, in some cases, the media of a breach of unsecured personally identifiable health data. It also requires third party service providers to vendors of PHRs and PHR-related entities to provide notification to such vendors and PHR-related entities following the discovery of a breach.
Protecting the privacy and security of personal health data is a high priority for the FTC, which has brought several cases in recent years involving the misuse of consumers' personal health data, including two enforcement actions that alleged HBNR violations.
Earlier this week, the FTC announced a proposed order settling allegations that fertility app Premom violated the HBNR. In February 2023, the FTC announced its first enforcement action under the HBNR against telehealth and prescription drug discount provider GoodRx Holdings Inc. The FTC says GoodRx and Premom each violated the rule by failing to notify users about the companies’ unauthorized disclosure of users’ personally identifiable health information to third parties.
As part of a regular review of Commission rules, the FTC in 2020 sought comment on whether changes were needed to the HBNR. In September 2021, the FTC issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule.
After reviewing the public comments and consistent with the policy statement, the Commission has proposed the following changes to the HBNR:
The public will have 60 days after the notice is published in the Federal Register to submit comments on the proposed changes to the rule. Information on how to submit a comment can be found in the notice. Once processed, the comments will be posted to Regulations.gov.
The Commission voted 3-0 at an open Commission meeting to publish the proposed changes to the HBNR in the Federal Register.
The lead staff attorneys on this matter are Ryan Mehm, Ronnie Solomon, and Elisa Jillson of the FTC’s Bureau of Consumer Protection.