The Federal Trade Commission (FTC) has finalized changes to its Health Breach Notification Rule, modernizing and strengthening its applicability to health apps, wearable fitness devices, and other similar technologies. The revised rule requires non-HIPAA-governed entities such as vendors of personal health records (PHRs) to notify the FTC and affected individuals of security breaches. The rule also expands the use of electronic means for breach notifications and clarifies requirements for reporting breaches to the FTC.