Digital health services like websites, mobile apps or internet-connected devices that track health conditions and store sensitive personal health information will be required to notify their users of data breaches under new enforcement rules set to take effect later this summer.
The amendment to the Federal Trade Commission’s Health Breach Notification Rule was adopted in April, and aims to modernize and expand its definition of covered entities amid growing reliance on health apps, fitness trackers and telehealth appointments. The changes are effective beginning July 29, according to an agency record set to be published Thursday.