Illustration by Alex Castro / The Verge
Health apps have to tell their users about any data breaches or risk a hefty fine, the Federal Trade Commission clarified in a policy statement last week. The rule that requires that transparency is a decade old, but it hasn’t been enforced before. The new guidance serves as a warning to the many companies elbowing into the health app space: the FTC is taking issues around health data privacy seriously — even if it won’t be able to tackle all the privacy gaps on its own.
The FTC’s Health Breach Notification Rule covers all organizations that aren’t subject to the Health Insurance Portability and Accountability Act (HIPAA), which covers things like doctors and insurance companies. HIPAA requires those groups to disclose any time they have…