AMARILLO, TX – In April 2024, the Federal Trade Commission (“FTC”) updated its Health Breach Notification Rule (“HBNR”), 16 C.F.R. § 318, marking a significant shift in the regulatory landscape for health and wellness apps. The final rule was published after years of effort to modernize the HBNR.
In May 2023, the FTC sought comments on proposed changes to the HBNR, including clarifying the rule’s applicability to health apps and other similar technologies. Since the rule’s issuance, health apps and other direct-to-consumer health technologies have become commonplace.
Congress enacted the HBNR because it recognized that certain entities that hold or interact with consumers’ personal health records (“PHR”) were not subject to the privacy and security requirements of the Health Insurance Portability and Accountability Act (“HIPAA”). Congress created requirements for these entities to notify individuals, the FTC, and, in some cases, the media of a breach of unsecured personally identifiable health data. The HBNR also requires third-party service providers to vendors of PHRs and PHR-related entities to notify such vendors and PHR-related entities following the discovery of a breach.
Notification of the breach must be sent without unreasonable delay and no later than 60 calendar days after the discovery of a security breach. If the breach involves the information of fewer than 500 individuals, notification to the FTC need only be sent annually, no later than 60 calendar days following the end of the calendar year.
The vendor of the PHR, PHR-related entity, and third-party service provider (“Vendor”) must demonstrate that all notifications were made as required under the rule. The FTC has finalized changes to the HBNR that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies. This move is in response to the increasing use of health apps and connected devices, and the updated HBNR aims to keep pace with changes in the health marketplace.
Fundamental changes to the rule include:
- Revised Definitions: The FTC has revised several definitions to underscore the final rule’s application to health apps and similar technologies not covered by HIPAA. This includes modifying the definition of “PHR identifiable health information” and adding two new definitions for “covered health care provider” and “health care services or supplies.”
- Clarification of Breach of Security: The final rule clarifies that a “breach of security” includes an unauthorized acquisition of identifiable health information that occurs due to a data security breach or an unauthorized disclosure.
- Revised Definition of PHR-Related Entity: The definition of “PHR-related entity” has been revised to clarify that the final rule covers entities that offer products and services through online services, including mobile applications, of vendors of personal health records. It also clarifies that only entities that access or send unsecured PHR identifiable health information to a personal health record qualify as PHR-related entities.
- Clarification of Multiple Sources of PHR Identifiable Health Information: The final rule clarifies what it means for a personal health record to draw PHR identifiable health information from multiple sources.
The FTC’s updated rule underscores the importance of protecting consumers’ sensitive health data. With the increasing use of health apps and connected devices, the goal of the updated HBNR is to ensure that consumer data protection keeps pace with changes in the health marketplace. The FTC’s commitment to protecting consumers’ health data is evident in its recent enforcement actions involving the misuse of consumers’ personal health data.
In conclusion, the FTC’s updated HBNR represents a significant step forward in consumer data protection. It expands the scope of the rule to include health apps and similar technologies, clarifies the definition of a security breach, and underscores the importance of notifying consumers in the event of a breach. As health technology continues to evolve, the goal of the FTC’s updated HBNR is to ensure that consumer data protection keeps pace.
Jeffrey S. Baird, JD, is chairman of the Health Care Group at Brown & Fortunato, a law firm with a national health care practice based in Texas. He represents pharmacies, infusion companies, HME companies, manufacturers, and other health care providers throughout the United States. Mr. Baird is Board Certified in Health Law by the Texas Board of Legal Specialization and can be reached at (806) 345-6320 or [email protected].
Jacque K. Steelman, JD, is a member of the Health Care Group at Brown & Fortunato, PC, a law firm with a national health care practice based in Texas. She represents pharmacies, infusion companies, HME companies, manufacturers, and other health care providers throughout the United States. Ms. Steelman can be reached at (972) 684-5789 or [email protected].