Healthcare | United States
FTC Health Breach Notification Rule
The FTC Health Breach Notification Rule (16 CFR Part 318) requires vendors of personal health records (PHR) and PHR-related entities to notify individuals, the FTC, and in some cases the media following a breach of unsecured personally identifiable health information. It was updated in 2024 to clarify its applicability to health apps, wearables, and other digital health technologies not covered by HIPAA.
Domains
Notification Requirements
Scope and Definitions
Compliance and Enforcement
Frequently Asked Questions
What is the FTC Health Breach Notification Rule?
The FTC Health Breach Notification Rule (16 CFR Part 318) requires vendors of personal health records (PHR) and PHR-related entities to notify individuals, the FTC, and in some cases the media following a breach of unsecured personally identifiable health information. It was updated in 2024 to clarify its applicability to health apps, wearables, and other digital health technologies not covered by HIPAA.
How many controls does the FTC Health Breach Notification Rule have?
The FTC Health Breach Notification Rule contains 50 controls organized across 3 domains.
Where does the FTC Health Breach Notification Rule apply?
The FTC Health Breach Notification Rule is applicable in the United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does the FTC Health Breach Notification Rule map to?
The FTC Health Breach Notification Rule has control-to-control mappings with 633 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with FTC Health Breach Notification Rule compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.