On Sept. 15, the Federal Trade Commission issued a policy statement emphasizing that developers of health apps and other connected devices and their service providers must meet breach notification requirements under the Health Breach Notification Rule, including a rapid 10-day notice period to the FTC and a 60-day notice period to individuals and the media. The FTC statement also warned that it would bring enforcement action — and violations could result in civil penalties of $43,792 per violation, per day.

Read on for details about the notification rule and critical next steps for impacted entities.