Focusing public attention on emerging privacy and civil liberties issues

FTC Issues Final Breach Notification Rule for Electronic Health Information

The Federal Trade Commission issued a final rule requiring breach notification by vendors of medical records and related entities. In June, EPIC submitted comments recommending that all entities handling electronic health records be subject to the regulation and that the FTC establish a central location to track and announce breaches. The FTC modified the rule accordingly. EPIC had also recommended that information "accessed" be treated as "acquired," that substitute media notices be used as supplemental notification, that verification of data breach notices be required, that minimum security standards be created, that penalties for violations be assessed, and that the creation of "safe harbors" for de-identified data be opposed. The rule was mandated under the American Recovery and Reinvestment Act. See EPIC Medical Privacy and EPIC Identity Theft.
