Health Breach Notification Rule

Tags:

16 CFR Part 318

Rule Summary

The Rule requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information. In addition, if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers. The Final Rule also specifies the timing, method, and content of notification, and in the case of certain breaches involving 500 or more people, requires notice to the media.

Text of Rule

16 CFR Part 318: Health Breach Notification Rule (NPRM)
(June 9, 2023 )

16 CFR Part 318: Health Breach Notification Rule; Request for Public Comment
(May 22, 2020 )

Agency Information Collection Activities; Submission for OMB Review; Comment Request; Extension (Health Breach Notification Rule)
(August 24, 2012 )

Agency Information Collection Activities; Proposed Collection; Comment Request; Extension (Health Breach Notification Rule PRA)
(May 29, 2012 )

Health Breach Notification Rule; Final Rule
(August 29, 2009 )

16 CFR Part 318: Health Breach Notification Rule; Notice of Proposed Rulemaking
(April 20, 2009 )

FTC Proposes Amendments to Strengthen and Modernize the Health Breach Notification Rule
(May 18, 2023)

FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule
(September 15, 2021)

FTC Seeks Comment as Part of Review of Health Breach Notification Rule
(May 8, 2020)

FTC Issues Final Breach Notification Rule for Electronic Health Information
(August 17, 2009)

FTC Publishes Proposed Breach Notification Rule for Electronic Health Information
(April 16, 2009)

File

Health Breach Notification Form (195.7 KB)

File

Statement Of The Commission On Breaches by Health Apps and Other Connected Devices (160.35 KB)

File

Health Breach Notices Received by the FTC (68.42 KB)

Enforcement

Search or browse
the Legal Library

Take action

Competition Matters Blog

New HSR thresholds and filing fees for 2024

Policy

Search or browse
the Legal Library

Take action

Technology Blog

Approaches to Address AI-enabled Voice Cloning

Advice and Guidance

Take action

Consumer Advice

Business Guidance

Servicemembers:
Your tool for financial readiness

Get consumer protection basics, plain and simple

Learn how the FTC protects free enterprise and consumers

Looking for competition guidance?

News and Events

Latest News

Proposed FTC Order will Prohibit Telehealth Firm Cerebral from Using or Disclosing Sensitive Data for Advertising Purposes, and Require it to Pay $7 Million

Upcoming Event

Closed Commission Meeting- April 22, 2024

Follow us on social media

About the FTC

Health Breach Notification Rule

Search or browse the Legal Library

Take action

Competition Matters Blog

Search or browse the Legal Library

Take action

Feature

Vision and Priorities

Technology Blog

Advice and Guidance

Take action

Servicemembers: Your tool for financial readiness

Get consumer protection basics, plain and simple

Learn how the FTC protects free enterprise and consumers

Looking for competition guidance?

Latest News

Upcoming Event

Follow us on social media

Feature

Latest Data Visualization

Featured

Meet the Chair

Health Breach Notification Rule

Search or browse
the Legal Library

Search or browse
the Legal Library

Servicemembers:
Your tool for financial readiness