Skip to main content

Ask people about the records they consider the most private and they may say personal health data. (If they misunderstand the question, they may mention disco singles they bought in junior high – but perhaps that’s just us.) Of course, say “health privacy” and many people think of HIPAA – the Health Insurance Portability and Accountability Act. Did you know that some entities that hold or interact with consumers’ personal health records aren’t subject to HIPAA? But they may be covered by the FTC’s Health Breach Notification Rule. Given the proliferation of health apps, fitness trackers, and other health-related monitors subject to the Rule, the FTC is thinking about whether the Rule should be updated to reflect changes in technology and in how consumers use those products. In May, the FTC put a proposal on the table and wants your feedback by the August 8, 2023, deadline.

You’ll want to read the Notice of Proposed Rulemaking for the specifics, but there’s helpful information on the page. The most important thing is to share your insights by filing a public comment by August 8th. Save a step by filing online.

If you have never filed a public comment, here are some how-tos:

  • Yes, the FTC wants your feedback.  We welcome comments from industry members, but we also value the viewpoints of consumers, consumer groups, small businesses, and others with practical perspectives on the topic. Of course, this isn’t a vote. So rather than just saying yes or no, please help us by explaining your thinking on the subject.
  • Not a lawyer? Not a problem.  If we could debunk one myth about filing a public comment, it’s that comments have to be replete with cites, footnotes, and cross-references. No! We’ll wade through lofty legal language if we have to, but we want to hear straight talk from real people about the real issues.
  • The online process for filing comments is simple.  Visit the Health Breach Notification Rule page on to let you voice be heard. Click the COMMENT button and start typing. It’s as simple as that. Looking for more advice on collecting your thoughts? Just under the WRITE A COMMENT button, there’s a helpful Commenter’s Checklist. You can also browse comments that people have already filed.
  • Please don’t include personal health information or other sensitive data.  Public comments are just that: public. Your comment can be read by anyone who visits the website. So before clicking the SUBMIT COMMENT button, please reread what you’ve written to make sure you haven’t mentioned something you would prefer to keep private.


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

More from the Business Blog

Get Business Blog updates