On March 4, 2021, Senator Robert Menendez (D-New Jersey) and Reps. Mikie Sherrill (D-New Jersey) and Bonnie Watson Coleman (D-New Jersey) wrote a letter urging the Federal Trade Commission (FTC) to begin enforcing the Health Breach Notification Rule.
The FTC is charged with protecting the American people from bad actors that betray consumer trust and misuse consumers’ healthcare information. It has the authority to take enforcement action but is not enforcing compliance with the Health Breach Notification Rule.
The Health Breach Notification Rule was created in connection with the American Recovery and Reinvestment Act of 2009. It requires vendors of personal health data, PHR-linked entities, and third-party service companies to notify consumers of unauthorized disclosures of personal health information.
The Health Breach Notification Rule applies to entities not covered by the Health Insurance Portability and Accountability Act (HIPAA) and has the same terms as the HIPAA Breach Notification Rule. Although the HHS’ Office for Civil Rights already enforces the HIPAA Breach Notification Rule, the FTC has not taken any enforcement action against entities that violated the Health Breach Notification Rule.
In the letter, addressed to the FTC’s Acting Chair, the Honorable Rebecca Kelly Slaughter, the lawmakers urged the FTC to take enforcement action against companies that fail to notify consumers of unauthorized uses and disclosures of personal health data, in particular disclosures of consumers’ personal health data to third parties without permission by vendors of menstruation-tracking mobile applications.
The FTC filed a complaint against Flo concerning the privacy breach and reached a settlement with Flo Health that required the app developer to change its privacy practices and obtain authorization from app users before using their health data. However, the complaint did not address the failure to notify users.
The lawmakers encourage tougher [Health Breach Notification Rule] enforcement, particularly in the case of period-tracking apps, which involve data that is personal and of great value to advertisers. All tools, including the Health Breach Notification Rule, must be used to protect women and all menstruating individuals from mobile applications that exploit their personal information.