FTC Issues Health IT Breach Rule

August 17, 2009

The FTC on Monday issued a final rule requiring certain Web-based businesses to notify consumers when the security of their electronic health information is breached. Congress directed the consumer protection agency to issue the rule as part of the economic stimulus package and it applies to both vendors of personal health records - which provide online repositories that people can use to keep track of their health information - and entities that offer third-party applications for personal health records. Such applications include devices such as blood pressure cuffs or pedometers whose readings consumers can upload into their personal health records, the FTC said.

Many existing health IT services are not subject to the privacy and security requirements of the Health Insurance Portability and Accountability Act, which applies to healthcare providers such as doctors' offices, hospitals, and insurance companies. The stimulus package required the Health and Human Services Department to conduct a study and report by February 2010, in consultation with the FTC, on potential privacy and security requirements for vendors. In the meantime, the law required the FTC to issue a breach notification rule. Read details about the rule at www.ftc.gov/healthbreach.

On a related note, security expert Christopher Soghoian is leaving Harvard University's Berkman Center for Internet & Society to work as a technical consultant to FTC's Division of Privacy and Identity Protection in the Bureau of Consumer Protection. On his personal blog, Soghoian noted "the FTC has a lot of really smart lawyers, but they (currently) lack geek skills." He's an interesting hire given his self-admitted penchant for "railing against the oppressive surveillance state and the numerous privacy invasions committed by the law enforcement and intelligence agencies."

Juliana Gruenwald

Tech Writer

E-Mail: jgruenwald@nationaljournal.com.

Juliana Gruenwald has been covering tech and telecom issues for more than a decade for National Journal, Interactive Week, BNA and Congressional Quarterly. This is her second stint with National Journal. She was recruited by NJ in 1998 to help launch its first tech policy publication, Technology Daily. She left in 2000 to cover international tech and telecom issues for Ziff Davis Media's Interactive Week magazine. She started her career at United Press International as the wire service's first Helen Thomas Intern. She has a Bachelor of Arts degree from the University of Minnesota. A Minneapolis native, she misses the lakes but not the cold.

Josh Smith

Tech Reporter

E-Mail: joshsmith@nationaljournal.com.

Josh Smith covers technology policy as a staff reporter for National Journal. He previously interned at National Journal Daily, a Senate press office, and the Deseret News in Salt Lake City where he covered the state legislature, courts, and crime. In 2009 he graduated with honors from Southern Utah University after managing an award-winning student newspaper as editor-in-chief. Josh has received state, regional and national awards for his political and policy reporting, including first place in CapitolBeat’s 2009 Best of Statehouse Reporting college competition. A native of drop-dead-gorgeous Utah, Josh lives in Virginia with his wife, Amber.

HOME

WHITE HOUSE

POLITICS

CONGRESS

DOMESTIC POLICY

NATIONAL SECURITY

TECH

COLUMNS

BLOGS

POLLS

EVENTS