FTC Issues Final Breach Notification Rule for Electronic Health Information

The Federal Trade Commission issued a final rule requiring breach notification by vendors of medical records and related entities. In June, EPIC submitted comments recommending that all entities handling electronic health records be subject to the regulation and that the FTC should establish a central location to track and announce breaches. The FTC modified the rule accordingly. EPIC had also recommended that information "accessed" be treated as "acquired", substitute media notices be used as supplemental notification, verification of data breach notices be required, minimum security standards be created, penalties for violations be assessed, and the creation of "safe-harbors" for de-identified data be opposed. The rule was mandated under the American Recovery and Reinvestment Act. See EPIC Medical Privacy and EPIC Identity Theft.


« Canadian Privacy Commissioner's Deadline for Facebook Arrives, Some Changes are Made at the Social Network Company | Main | Following Canadian Investigation, Facebook Upgrades Privacy »

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy

EPIC Bookstore

Machines of Loving Grace

Machines of Loving Grace by John Markoff