HealthcareUnited States
FTC Health Breach Notification Rule
The FTC Health Breach Notification Rule (16 CFR Part 318) is the FTC regulation requiring VENDORS OF PERSONAL HEALTH RECORDS (PHR) + PHR-RELATED ENTITIES + THIRD-PARTY SERVICE PROVIDERS to NOTIFY individuals + the FTC + (where applicable) the media of breaches of security involving identifiable health information. The Rule applies to entities NOT COVERED BY HIPAA (Health Insurance Portability and Accountability Act of 1996 + HIPAA Breach Notification Rule at 45 CFR Subpart D) - i.e.
Domains
HBNR: 2024 Amendments - Mobile Apps, Connected Devices, Reproductive Health and Cross-App Tracking
HBNR: FTC and Media Notification (16 CFR 318.5(c) + 318.6) - 500+ Threshold and Annual Log
HBNR: Scope and Applicability (16 CFR 318.1, 318.2) - PHR Vendors and PHR-Related Entities
HBNR: Definitions (16 CFR 318.2) - PHR, Identifiable Health Information, Breach, Healthcare Provider
HBNR: Third-Party Service Provider Obligations (16 CFR 318.3(b))
Compare FTC Health Breach Notification Rule
FTC Health Breach Notification Rule vs ISO 27001:2022View comparison →FTC Health Breach Notification Rule vs SOC 2View comparison →FTC Health Breach Notification Rule vs NIST CSF 2.0View comparison →FTC Health Breach Notification Rule vs GDPRView comparison →FTC Health Breach Notification Rule vs HIPAAView comparison →FTC Health Breach Notification Rule vs PCI DSS 4.0View comparison →
FTC Health Breach Notification Rule by Industry
FTC Health Breach Notification Rule for Healthcare→FTC Health Breach Notification Rule for Financial Services→FTC Health Breach Notification Rule for Technology→FTC Health Breach Notification Rule for Government→FTC Health Breach Notification Rule for Manufacturing→FTC Health Breach Notification Rule for Energy→FTC Health Breach Notification Rule for Retail→FTC Health Breach Notification Rule for Education→
FTC Health Breach Notification Rule by Role
FTC Health Breach Notification Rule for CISOs→FTC Health Breach Notification Rule for Compliance Officers→FTC Health Breach Notification Rule for Risk Managers→FTC Health Breach Notification Rule for IT Directors→FTC Health Breach Notification Rule for DPOs→FTC Health Breach Notification Rule for Auditors→
Frequently Asked Questions
What is FTC Health Breach Notification Rule?
The FTC Health Breach Notification Rule (16 CFR Part 318) is the FTC regulation requiring VENDORS OF PERSONAL HEALTH RECORDS (PHR) + PHR-RELATED ENTITIES + THIRD-PARTY SERVICE PROVIDERS to NOTIFY individuals + the FTC + (where applicable) the media of breaches of security involving identifiable health information. The Rule applies to entities NOT COVERED BY HIPAA (Health Insurance Portability and Accountability Act of 1996 + HIPAA Breach Notification Rule at 45 CFR Subpart D) - i.e.
How many controls does FTC Health Breach Notification Rule have?
FTC Health Breach Notification Rule contains 11 controls organized across 7 domains.
Where does FTC Health Breach Notification Rule apply?
FTC Health Breach Notification Rule is applicable in United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
How do I get started with FTC Health Breach Notification Rule compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for FTC Health Breach Notification Rule?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.