The Federal Trade Commission is proposing to amend its Health Breach Notification Rule requiring vendors of personal health records to report data breaches to include developers of health applications.
On Friday a notice will be published in the Federal Register that outlines how the FTC is proposing to amend the breach notification rule for vendors, according to a posting by the National Archives and Records Administration (PDF). The FTC will propose to amend rules for entities not covered by the Health Insurance Portability and Accountability Act (HIPAA) and to require them to notify the agency, individuals and the media in some cases of breaches of personally identifiable health data.