{"id":2257,"date":"2023-08-11T05:27:41","date_gmt":"2023-08-11T13:27:41","guid":{"rendered":"https:\/\/blog.mozilla.org\/netpolicy\/?p=2257"},"modified":"2023-08-11T05:27:41","modified_gmt":"2023-08-11T13:27:41","slug":"mozilla-supports-updates-to-the-health-breach-notification-rule","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2023\/08\/11\/mozilla-supports-updates-to-the-health-breach-notification-rule\/","title":{"rendered":"Mozilla Supports Updates to the Health Breach Notification Rule"},"content":{"rendered":"

[<\/i>Read our full submission here.<\/i><\/a>]<\/i><\/p>\n

Privacy is in our DNA at Mozilla, from our privacy-enhancing products to our support for laws and regulations that enshrine privacy for all. In line with our foundational principle<\/a> that individual privacy and security on the web should never be treated as optional, we have supported a range of US action on privacy<\/a>, including bipartisan Federal privacy legislative proposals<\/a> and the Federal Trade Commission\u2019s (FTC\u2019s) Commercial Surveillance and Data Security ANPR<\/a>.<\/p>\n

This week, we submitted a comment supporting the FTC\u2019s Notice of Proposed Rulemaking<\/a> for the Health Breach Notification Rule (HBNR.) The purpose of the HBNR is to protect non-HIPAA health-related data, such as data from running apps and diet-tracking websites. It does so by requiring certain entities that share health-related information without consent, or experience a data breach, to notify individuals, the FTC, and sometimes the media of the breach of privacy.<\/p>\n

The rule already applied to many health apps and websites, as demonstrated by a set<\/a> of settlements<\/a> from earlier this year, but the new proposed rule even more clearly delineates the responsibilities of companies running health-related apps or websites.<\/p>\n

Mozilla has deep insight into the privacy practices of health-related apps, because our *Privacy Not Included<\/i> research team recently did deep dives on the privacy policies and practices of mental health<\/a> and reproductive health<\/a> apps. They found dismal privacy practices for some of the most sensitive apps they studied. *PNI\u2019s research demonstrates the dire need for this update to the HBNR, and allowed us to suggest two main ways in which the FTC can further strengthen its proposed rule:<\/p>\n