FTC Posts NPRM on Breach Notification Rule for e-Health Information

On April 17, 2009, the Federal Trade Commission issued a notice of proposed rulemaking that requires vendors of personal health records and related entities such as non-profit organizations that offer PHRs, to notify individuals when the security of their individually identifiable health information is breached.┬áThe NPRM seeks to conform with rules from HHS that safeguard protected health information, but the FTC proposed rule applies to non HIPAA-covered entities that are not subject to HIPAA privacy and security requirements. Of the many comments the FTC seeks is to identify entities that would fall under this ruling. We believe this rule will strengthen the trust consumers/patients have in sharing information in their…

READ MORE