Summary
Amends the Health Breach Notification Rule to clarify coverage of health apps and connected devices, expand definitions (e.g., Personal Health Record related entities), and specify breach notification triggers and methods, with an effective date of July 29, 2024.
Healthcare Implications
Non‑Health Insurance Portability and Accountability Act health apps and consumer digital health services handling sensitive data–including AI‑powered apps–must meet stricter breach notification duties. Health systems partnering with such apps should update vendor risk management and incident response plans.