Updating Compliance: The FTC Enhances Health Breach Notification Rules for Non-HIPAA Entities

Posted by BAS - 13 June, 2024


The Federal Trade Commission (FTC) recently updated its Health Breach Notification Rule, which requires certain entities not covered by HIPAA to notify affected individuals, the FTC, and in some cases the media, about breaches involving unsecured, individually identifiable health data. The update is particularly relevant to vendors of personal health records (PHRs) and their related entities, and it broadens the rule's scope to cover developers of a wide range of health-related applications.

Key revisions include clarifying what constitutes a breach of security, specifying which types of data breaches are covered, and modernizing how notifications must be delivered. The changes also refine the definition of related entities and expand the content that breach notifications must contain. In addition, the timing requirements for notifying the FTC have been adjusted, and the overall readability and legal clarity of the rule have been improved.

This modernization reflects the increased use of personal health apps and devices, such as fitness trackers and health monitoring apps, a trend that accelerated as consumers shifted toward digital health technologies during the COVID-19 pandemic. The FTC's adjustments aim to address the privacy risks these technologies create and to ensure that all entities handling sensitive health information are held to consistent standards.

For HR professionals, this underscores the importance of reviewing how employee health data, whether collected through wellness programs or employee health apps, is managed. Ensuring that any breach of this data is reported correctly under the revised rule is critical, not only for compliance but for maintaining employee trust and avoiding penalties.


Benefit Allocation Systems (BAS) provides best-in-class, online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.

MyEnroll360 can integrate with any insurance carrier for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and many others), and with any payroll system for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and many others).
