Health Information Management

FTC issues final breach notification rule for electronic health information

HIM-HIPAA Insider, August 24, 2009

The Federal Trade Commission issued its final rule that requires some Internet-based businesses to notify consumers when they've had a breach of their PHI, according to an FTC press release issued Monday, August 17.

The rule was issued under the mandate from Congress in the American Recovery and Reinvestment Act of 2009. It applies to both vendors of personal health records – which "provide online repositories that people can use to keep track of their health information" – and entities that offer third-party applications for personal health records, according to the release. 

The rule requires the Web-based entities to notify the FTC of a breach. The FTC offered a standard form for such notification. 

See also the Federal Register notice.

Most Popular