FTC issues Health Breach Notification Rule
The Federal Trade Commission (â€œFTCâ€ or â€œCommissionâ€) is issuing this final rule, as required by the American Recovery and Reinvestment Act of 2009 (the â€œRecovery Actâ€ or â€œthe Actâ€). The rule requires vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached.
DATES: This rule is effective [insert date 30 days after date of publication in the FEDERAL REGISTER]. Full compliance is required by [insert date 180 days after date of publication in the FEDERAL REGISTER].
The rule can be found on the FTC’s site (pdf, 88 pp.). There will be more coverage of this after everyone has a chance to read through it.
See also the Health Breach Notification form (pdf) and the FTC’s press release.