Companies that operate health apps are now required to report data breaches to users in the United States. The Federal Trade Commission has determined this with the updated Health Breach Notification Rule to 'protect consumers'.
The new rules apply to providers of personal health records, and similar services and applications that rely on users' health information . At the request of critics, the FTC has redefined the definitions and rules surrounding reporting a data breach. The market authority writes: “For data breaches affecting more than 500 people, companies must immediately notify the FTC when notifying victims. This must be done without unreasonable delay and never longer than 60 calendar days after a data breach has been discovered.” p>