
Consumers care about the privacy and security of their health-related information. If your company makes privacy promises – either expressly or by implication – the FTC Act requires you to live up to those claims. In addition, even if you don’t make specific claims, you still have an obligation to maintain security that's appropriate in light of the nature of the data you possess. Also, if you experience a data breach, the Health Breach Notification Rule may apply to your business. Companies covered by the Rule must take specific steps following a breach. Another key resource: the Statement of the Commission on Breaches by Health Apps and Other Connected Devices.


Plain Language Guidance

Advice for businesses about building security into products connected to the Internet of Things and maintaining it over the product's life, including proper authentication and access control, secure data management, and the importance of communicating with users effectively.

Does your business collect, use, or share consumer health information? When it comes to privacy and security, consider the Health Insurance Portability and Accountability Act; the HIPAA Privacy, Security, and Breach Notification Rules; the FTC Act and the FTC’s Health Breach Notification Rule.

Guidance for business on complying with the FTC’s Health Breach Notification Rule. Who’s covered by the Rule and what companies must do if they experience a breach of personal health records.

Under the FTC's Health Breach Notification Rule, companies that have had a security breach must: 1) notify everyone whose information was breached, 2) notify the FTC, and 3) in some cases, notify the media.

Attention app developers! Basic truth-in-advertising and privacy principles apply to your product. It’s important to give the straight story about what your app can do and be transparent about your privacy practices. This start-from-scratch publication from the FTC reminds you to consider your choices from the user's perspective.

Explains how medical identity theft occurs, and how health care providers and insurers can minimize the risk and help their patients if they’re victimized.

When developing a health app, sound privacy and security practices are key to consumer confidence. Here are some best practices to help you build privacy and security into your app. These practices also can help you comply with the FTC Act and other federal laws and regulations.

You’re developing a health app for mobile devices and you want to know which federal laws apply. Check out this interactive tool.

Practical tips for business on creating and implementing a plan for safeguarding personal information.

Ten practical lessons businesses can learn from the FTC's 50+ data security settlements.


Health Breach Notification Rule

The Rule requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information. In addition, if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers. The Final Rule...