On April 26, 2024, the Federal Trade Commission issued a final rule amending the 2009 Health Breach Notification Rule. This paper provides an in-depth analysis of the changes introduced by the final rule, the implications for businesses not regulated by HIPAA, and the potential operational ripple effects for many businesses now regulated under the final rule. It also discusses the updated individual notification obligations and the need for impacted individuals to be made aware of potential risks while balancing issues related to notice fatigue.
Click the media link below to read "Changes to the Federal Trade Commission (FTC) Health Breach Notification Rule Closes Some Gaps But Adds Some Ambiguity," co-authored by Brad M. Rostolsky for Vol.7.1 of the Journal of Data Protection & Privacy.