Provisions in the economic stimulus bill, which President Obama will sign on Feb. 17, impose new consumer protection requirements on vendors of personal health records.
The vendors must notify affected individuals following the discovery of a breach of unsecured identifiable health information in PHRs. Vendors also must notify the Federal Trade Commission.
Further, a third-party service provider that provides services to a PHR vendor or covered entities that offer PHRs must notify affected vendors or entities of a beach. "Such notice shall include the identification of each individual whose unsecured PHR identifiable health information has been, or is reasonably believed to have been, accessed, acquired or disclosed during such breach," according to the legislation.
The FTC shall treat violations as unfair and deceptive acts or practices under the Federal Trade Commission Act. The legislation requires the FTC to publish interim final regulations within 180 days of enactment.
The requirements will remain in effect unless Congress enacts new legislation governing PHR breach notifications.
For more information, see Sec. 13407 of H.R. 1, the American Recovery and Reinvestment Act of 2009, at congress.gov.
--Joseph Goedert
Be the first to comment on this post using the section below.