{"id":13107,"date":"2016-04-19T14:00:29","date_gmt":"2016-04-19T12:00:29","guid":{"rendered":"https:\/\/www.johner-institut.de\/blog\/?p=13107"},"modified":"2023-04-06T15:54:02","modified_gmt":"2023-04-06T13:54:02","slug":"health-breach-notification-rule","status":"publish","type":"post","link":"https:\/\/www.johner-institut.de\/blog\/regulatory-affairs\/health-breach-notification-rule\/",
"title":{"rendered":"Health Breach Notification Rule"},
"content":{"rendered":"\n<p>The <strong>Health Breach Notification Rule<\/strong> specifies when providers of health records must report which data security problems to whom, within what deadline, and in what form. This article gives you a quick overview of what the US <a href=\"https:\/\/www.johner-institut.de\/blog\/fda\/federal-trade-commission\/\">Federal Trade Commission (FTC)<\/a> requires.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Health Breach Notification Rule: Who Must Report<\/h2>\n\n\n\n<p>The <a href=\"https:\/\/www.ftc.gov\/enforcement\/rules\/rulemaking-regulatory-reform-proceedings\/health-breach-notification-rule\">Health Breach Notification Rule<\/a> applies to manufacturers and vendors of personal health records. That can be a medical device manufacturer just as well as the operator of a website. Even &#8220;third-party providers&#8221;, such as a provider of data storage for such health data, fall within the scope of the Health Breach Notification Rule.<\/p>\n\n\n\n<p>However, the following are exempt:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>organizations that are already subject to the Health Insurance Portability and Accountability Act (HIPAA), and<\/li>\n\n\n\n<li>non-commercial providers.<\/li>\n<\/ul>\n\n\n\n<p>With this rule, the FTC aims to close a regulatory gap that arises because there are providers that are not subject to HIPAA.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">When You Must Act<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"693\" height=\"173\" src=\"https:\/\/www.johner-institut.de\/blog\/wp-content\/uploads\/2016\/05\/Health-Breach-Notification-Rule-compressor.jpg\" alt=\"Health Breach Notification Rule\" class=\"wp-image-13111\" title=\"Health Breach Notification Rule: Data Theft\" srcset=\"https:\/\/www.johner-institut.de\/blog\/wp-content\/uploads\/2016\/05\/Health-Breach-Notification-Rule-compressor.jpg 693w, https:\/\/www.johner-institut.de\/blog\/wp-content\/uploads\/2016\/05\/Health-Breach-Notification-Rule-compressor-300x75.jpg 300w, https:\/\/www.johner-institut.de\/blog\/wp-content\/uploads\/2016\/05\/Health-Breach-Notification-Rule-compressor-150x37.jpg 150w\" sizes=\"auto, (max-width: 693px) 100vw, 693px\" \/><\/figure>\n\n\n\n<p><span style=\"font-size: xx-small; color: grey;\"><a href=\"https:\/\/de.fotolia.com\/id\/85830113#\">Image source<\/a><\/span><\/p>\n\n\n\n<p>You must comply with the requirements of the Health Breach Notification Rule if<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>you belong to the group of providers named above, and<\/li>\n\n\n\n<li>unauthorized access to health data has occurred (e.g. through a hacker attack), and<\/li>\n\n\n\n<li>the data were unsecured as defined by the US Department of Health and Human Services, e.g. because they were not encrypted, and<\/li>\n\n\n\n<li>the data allow individuals to be identified, and<\/li>\n\n\n\n<li>the data were in electronic form (i.e. no paper records were stolen).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What You Must Do<\/h2>\n\n\n\n<p>You must notify<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>every affected person who is a citizen or resident of the USA,<\/li>\n\n\n\n<li>the FTC, and<\/li>\n\n\n\n<li>in some cases, the media.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How Quickly You Must Notify<\/h2>\n\n\n\n<p>In the Health Breach Notification Rule, the FTC also sets the deadlines within which you must notify:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The affected individuals: without unreasonable delay and within 60 days of discovering the problem.<\/li>\n\n\n\n<li>The FTC: within 10 days if more than 500 people are affected, otherwise 60 days after the end of the calendar year.<\/li>\n\n\n\n<li>The media: without unreasonable delay and within 60 days if 500 people in one state are affected.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What Information You Must Report\/Submit<\/h2>\n\n\n\n<p>You must submit the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A description of what happened<\/li>\n\n\n\n<li>When the incident was discovered<\/li>\n\n\n\n<li>Which data are affected<\/li>\n\n\n\n<li>Possible risks for those affected (including identity theft)<\/li>\n\n\n\n<li>Next steps<\/li>\n\n\n\n<li>Contact details for further information.<\/li>\n<\/ul>\n","protected":false},
"excerpt":{"rendered":"<p>The Health Breach Notification Rule specifies when providers of health records must report which data security problems to whom, within what deadline, and in what form. This article gives you a quick overview of what the US Federal Trade Commission (FTC) requires.<\/p>\n","protected":false},
"author":1,"featured_media":13112,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[1108],"tags":[1188,1126,269,967,680],"ppma_author":[1210],"class_list":["post-13107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-regulatory-affairs","tag-fda","tag-it-security","tag-medizinische-software","tag-mobile-medical-apps","tag-standalone-software","category-1108","description-off"],
"yoast_head_json":{"title":"Health Breach Notification Rule: FTC Requirements","description":"In the Health Breach Notification Rule, the FTC describes when which providers of health records must report which problems to whom and within what deadline.","canonical":"https:\/\/www.johner-institut.de\/blog\/regulatory-affairs\/health-breach-notification-rule\/","article_published_time":"2016-04-19T12:00:29+00:00","article_modified_time":"2023-04-06T13:54:02+00:00","author":"Prof. Dr. Christian Johner"}}
Zudem schie\u00dfen neue Pr\u00fcfsiegel\u2026","rel":"","context":"In &quot;Regulatory Affairs: Regulatorische Anforderungen an Medizinprodukte&quot;","block_context":{"text":"Regulatory Affairs: Regulatorische Anforderungen an Medizinprodukte","link":"https:\/\/www.johner-institut.de\/blog\/category\/regulatory-affairs\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.johner-institut.de\/blog\/wp-content\/uploads\/2019\/12\/Medical-Grade-Software-2.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.johner-institut.de\/blog\/wp-content\/uploads\/2019\/12\/Medical-Grade-Software-2.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.johner-institut.de\/blog\/wp-content\/uploads\/2019\/12\/Medical-Grade-Software-2.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.johner-institut.de\/blog\/wp-content\/uploads\/2019\/12\/Medical-Grade-Software-2.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_shortlink":"https:\/\/wp.me\/pavawf-3pp","jetpack_sharing_enabled":true,"authors":[{"term_id":1210,"user_id":1,"is_guest":0,"slug":"christian","display_name":"Prof. Dr. 
Christian Johner","avatar_url":{"url":"https:\/\/www.johner-institut.de\/blog\/wp-content\/uploads\/2023\/05\/Christian_Johner.jpg","url2x":"https:\/\/www.johner-institut.de\/blog\/wp-content\/uploads\/2023\/05\/Christian_Johner.jpg"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":"","9":""}],"_links":{"self":[{"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/posts\/13107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/comments?post=13107"}],"version-history":[{"count":2,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/posts\/13107\/revisions"}],"predecessor-version":[{"id":5369962,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/posts\/13107\/revisions\/5369962"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/media\/13112"}],"wp:attachment":[{"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/media?parent=13107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/categories?post=13107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/tags?post=13107"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.johner-institut.de\/blog\/wp-json\/wp\/v2\/ppma_author?post=13107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}