The FTC on Thursday approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The economic stimulus package included provisions to advance the use of health IT and, at the same time, strengthen privacy and security protections for medical data. Among other things, the law recognizes there are new types of Web-based entities that collect or handle consumers' sensitive health information and some offer personal health records, which consumers can use as an electronic, individually controlled repository for their medical information, the FTC said. Others provide online applications through which consumers can track and manage different kinds of information in their personal health records.
"These innovations have the potential to provide numerous benefits for consumers, which can only be realized if they have confidence that the security and confidentiality of their health information will be maintained," according the FTC press release. To address this, the stimulus bill requires the Department of Health and Human Services to conduct a study and report by February 2010, in consultation with the FTC, on potential privacy, security, and breach notification requirements for vendors of personal health records and related entities. In the interim, the statute requires the FTC to issue a temporary rule requiring entities to notify consumers if the security of their health information is breached. The proposed rule the Commission announced Thursday is the first step in implementing this requirement. Read more about the FTC announcement here.
New Media
Online Politics
Tech Policy
Comments
To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Tech Daily Dose does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.