The Federal Trade Commission published and updated its Health Breach Notification Rule at 16 CFR Part 318 to broaden protections for consumers that share their personal health information with vendors, such as health related mobile apps or other connected devices, for services that are not covered by the HIPAA Regulations. The Health Breach Notification Rule requires covered vendors to notify consumers, the FTC, and the media in some cases, if personal health records held by the vendor were impacted by unauthorized access or disclosure. 

Health Breach Notification Rule | Federal Trade Commission (ftc.gov)