The agency reminded health apps and wearables companies that they must disclose any breach of users’ health information, even if they are not a HIPAA covered entity. Companies that fail to disclose a breach could face thousands of dollars per day in fines.