FTC Issues Health IT Privacy Proposal

Fri, 17 Apr 2009 14:50:13 GMT

The FTC on Thursday approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The economic stimulus package included provisions to advance the use of health IT and, at the same time, strengthen privacy and security protections for medical data. Among other things, the law recognizes there are new types of Web-based entities that collect or handle consumers' sensitive health information and some offer personal health records, which consumers can use as an electronic, individually controlled repository for their medical information, the FTC said. Others provide online applications through which consumers can track and manage different kinds of information in their personal health records.

"These innovations have the potential to provide numerous benefits for consumers, which can only be realized if they have confidence that the security and confidentiality of their health information will be maintained," according the FTC press release. To address this, the stimulus bill requires the Department of Health and Human Services to conduct a study and report by February 2010, in consultation with the FTC, on potential privacy, security, and breach notification requirements for vendors of personal health records and related entities. In the interim, the statute requires the FTC to issue a temporary rule requiring entities to notify consumers if the security of their health information is breached. The proposed rule the Commission announced Thursday is the first step in implementing this requirement. Read more about the FTC announcement here.

Tech Daily Dose: FTC Issues Health IT Privacy Proposal

FTC Issues Health IT Privacy Proposal