PIRG’s comments on the FTC Health Breach Notification Rule

Health apps shouldn't be able to share our sensitive data with third-party companies. The FTC is looking to rein them in with its Health Breach Notification Rule.


Health apps, websites and fitness devices aren’t covered by HIPAA, and that’s a problem. Right now, these tools can legally share your sensitive health data with third-party companies, including tech companies and advertisers.

The FTC has taken action against companies like GoodRx for sharing data with Facebook, and it’s looking to strengthen rules stopping health apps from using our data however they like.

PIRG supports the FTC’s new focus on protecting consumers in the digital age. We submitted comments expressing our support and asking the FTC to take even further action.

Download our full comments.

To protect consumers, the FTC should:

  1. Finalize the proposed amendment to the Health Breach Notification Rule that expands the types of covered entities to include health apps, sites and fitness devices.
  2. Add data brokers and online advertising companies to the list of companies that have to follow the rule.
  3. Finalize the proposed change that would count the sharing of health data with third parties as a data breach.
  4. Add that the collection of unnecessary data also qualifies as a data breach.

Along with our comments, we submitted over 9,600 petition signatures from PIRG members to the FTC encouraging it to take action.


R.J. Cross

Director, Don't Sell My Data Campaign, PIRG

R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, consumer debt and predatory auto lending, and has testified before Congress. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder. Though she lives in Boston, she will always consider herself a Kansan at heart.

Patricia Kelmar

Senior Director, Health Care Campaigns, PIRG

Patricia directs the health care campaign work for U.S. PIRG and provides support to our state offices for state-based health initiatives. Her prior roles include senior policy advisor at NJ Health Care Quality Institute, associate state director at AARP New Jersey and consumer advocate at NJPIRG. She was appointed to the Ground Ambulance and Patient Billing Advisory Committee in 2022 and works with patient advocates across the U.S. Patricia enjoys walking along the Potomac River and sharing her love of books with friends and family around the world.
