Health Information Management

FTC issues final breach notification rule for electronic health information

HIM-HIPAA Insider, August 25, 2009

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

The Federal Trade Commission (FTC) issued its final rule that requires some Internet-based businesses to notify consumers when a breach of their electronic PHI occurs, according to an FTC press release issued August 17.

The rule was issued under the mandate from Congress in the American Recovery and Reinvestment Act of 2009. It applies to both vendors of personal health records that "provide online repositories that people can use to keep track of their health information" and entities that offer third-party applications for personal health records, according to the release.

The rule requires the Web-based entities to notify the FTC of a breach. The FTC offered a standard form for such notification. 

For more information, see the Federal Register notice.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular