Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

FTC seeks comments on health-care vendor notification rule

Reprints
FTC

The Federal Trade Commission is seeking comments as to whether changes should be made to a rule that requires when health care vendors notify individuals and others that a data breach has occurred.

Under the current decade-old law, vendors of personal health records and related entities that are not covered by the Health Insurance Portability and Accountability Act must notify individuals, the FTC and in some cases the media of a breach of unsecured personally identifiable health data, the FTC said Friday.

The rule now requires these entities to provide notifications within 60 days after the discovery of the breach and, if more than 500 individuals are affected, notify the FTC within 10 business days.

The FTC said it is seeking comment on issues including whether the rule has resulted in under-notification, over-notification or an efficient level of notification, and whether its definitions should be modified to reflect legal, economic and technological changes.

 

 

 

Read Next

  • Software trainer settles with FTC over EU privacy claims

    An Oakland, California-based online software training company has reached a settlement with the Federal Trade Commission for allegedly falsely claiming on its website that it was in the process of certifying its compliance with the EU-U.S. Privacy Shield Framework, although it will not have to pay any fines under the agreement, according to the FTC.