Health Privacy

Consumers care about the privacy and security of their health-related information. If your company makes privacy promises – either expressly or by implication – the FTC Act requires you to live up to those claims. In addition, businesses have an obligation to maintain security that's appropriate in light of the nature of the data they possess. Also, does the Health Breach Notification Rule apply to your business? Covered companies must take specific steps if they experience a data breach.


Advice for businesses about building and keeping security into products connected to the Internet of Things, including proper authentication and access control, secure data management, and the importance of communicating with users effectively.

Guidance for business on complying with the FTC’s Health Breach Notification Rule. Who’s covered by the Rule and what companies must do if they experience a breach of personal health records.

Under the FTC's Health Breach Notification Rule, companies that have had a security breach must: 1. Notify everyone whose information was breached; 2. In many cases, notify the media; and 3. Notify the FTC.

Explains how medical identity theft occurs, and how health care providers and insurers can minimize the risk and help their patients if they’re victimized.

When developing a health app, sound privacy and security practices are key to consumer confidence. Here are some best practices to help you build privacy and security into your app. These practices also can help you comply with the FTC Act.

You’re developing a health app for mobile devices and you want to know which federal laws apply. Check out this interactive tool.


More and more, personal medical information is online. For most hospitals, doctors’ offices, and insurance companies, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and security of health records stored online. But many web-based businesses that collect people’s...
Start with Security: A Guide for Business offers tips for any business wanting to implement sound data security. For health app developers, here’s tailored advice and additional questions to ask. Minimize data....