Consumers care about the privacy and security of their health-related information. If your company makes privacy promises – either expressly or by implication – the FTC Act requires you to live up to those claims. In addition, even if you don’t make specific claims, you still have an obligation to maintain security that's appropriate in light of the nature of the data you possess. Also, if you experience a data breach, the Health Breach Notification Rule may apply to your business. Companies covered by the Rule must take specific steps following a breach. Another key resource: the Statement of the Commission on Breaches by Health Apps and Other Connected Devices.
