How many controls does FTC Health Breach Notification Rule have?

FTC Health Breach Notification Rule contains 50 controls organized across 3 domains.

Where does FTC Health Breach Notification Rule apply?

FTC Health Breach Notification Rule is applicable in United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does FTC Health Breach Notification Rule map to?

FTC Health Breach Notification Rule has control-to-control mappings with 633 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with FTC Health Breach Notification Rule compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

FTC Health Breach Notification Rule

The FTC Health Breach Notification Rule (16 CFR Part 318) requires vendors of personal health records (PHR) and PHR-related entities to notify individuals, the FTC, and in some cases the media following a breach of unsecured personally identifiable health information. Updated in 2024 to clarify applicability to health apps, wearables, and other digital health technologies not covered by HIPAA..

Domains

Notification Requirements

Scope and Definitions

Compliance and Enforcement

Frequently Asked Questions

Map FTC Health Breach Notification Rule to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform