Aug 17 2009

FTC Issues Final Rule on PHR Security Breaches

The Federal Trade Commission published its final rule requiring vendors of web-based personal health records to notify consumers when security of their information has been breached. Impacted vendors include many that do not have to comply with HIPAA, such as occupational health vendors that host employee health records and vendors who sell devices that include an option to upload data to a personal record. The rule can be found on the FTC web site.