AUG 26, 2009 4:38am ET

FTC Breach Rule Now Official

The Federal Trade Commission on Aug. 25 published in the Federal Register its final rule governing the reporting of data breaches by vendors of personal health records and online applications that interact with PHRs.

The rule has been available for more than a week, but publication starts the clock on compliance (see healthdatamanagement.com/news/PHR-38824-1.html). The rule is effective Sept. 24, 2009, with full compliance required by Feb. 22, 2010. The rule explains the selected dates as follows:

"Two commenters expressed concern that the effective compliance date of 30 calendar days from the date of publication of this final rule would not allow covered entities sufficient time to come into compliance. In response, the Commission notes that the effective compliance date is mandated by the Recovery Act. Moreover, as discussed above, the Commission believes that in many instances the rule will apply to entities that already have obligations to provide notification of data breaches under certain state laws covering medical breaches. As a result, these entities can build upon their existing programs in order to come into compliance with this final rule. Nevertheless, the Commission has determined that it will use its enforcement discretion to refrain from imposing sanctions for failure to provide the required notifications for breaches that are discovered before February 22, 2010."

The Department of Health and Human Services recently published a separate rule that governs notification of data breaches by HIPAA-covered entities (see healthdatamanagement.com/news/stimulus-38838-1.html).

The official final FTC rule is available at gpoaccess.gov/fr/index.html.

This article can also be found at HealthDataManagement.com.
