FTC Issues Proposed PHR Breach Rule

HDM Breaking News, April 16, 2009

The Federal Trade Commission has issued a proposed rule that would require personal health records vendors and related entities to notify consumers when their identifiable health information has been breached. The FTC further is soliciting public comment through June 1 on the proposed rule.

Like what you see? Click here to sign up for Health Data Management's daily newsletter to get the latest news in health care I.T.

The American Recovery and Reinvestment Act requires the Department of Health and Human Services, in consultation with the FTC, by February 2010 to release a study on potential privacy, security and breach notification requirements for PHR vendors and related entities.

In the meantime, the act mandates an interim final rule from the FTC by August. The FTC intends to develop the interim final rule following the public comment period on the proposed rule.

The proposed rule is not as formal as most proposed rules. It appears to be a substantial outline, or "first look," at what provisions could be in the interim final rule.

The FTC has posted on its Web site a notice, soon to be published in the Federal Register, that includes the proposed rule. The notice is available at ftc.gov/opa/2009/04/healthbreach.shtm.

To comment on the rule, click here.

--Joseph Goedert

For more information on related topics, visit the following channels: