FTC Assessing Whether Its Health Data Breach Rule Is Stale

May 11, 2020

FTC Assessing Whether Its Health Data Breach Rule Is Stale

The Federal Trade Commission is assessing whether to make changes to a seldom-used, decade-old health data breach notification rule for personal health record vendors and other companies that do not fall under the umbrella of HIPAA.

The FTC is asking for comments on whether the rule's definitions of a PHR-related entity, third-party service provider or vendor of personal health records should be modified in light of changing technological and economic conditions, such as the proliferation of mobile health applications, virtual assistants offering health services, and platforms' health tools.

David Holtzman, Executive Advisor at CynergisTek, contributes this article, which focuses on how the FTC is assessing whether to make changes to a seldom-used, decade-old health data breach notification rule for personal health record vendors and other companies that do not fall under the umbrella of HIPAA. The Commission is asking for opinions on whether the rule's definitions of a PHR-related entity, third-party service provider, or vendor of personal health records should be modified in light of technological and economic changes.

Click here to read the full story.

Previous Article
Ransomware Attackers Exfiltrate Data From Magellan Health
Ransomware Attackers Exfiltrate Data From Magellan Health

Magellan Health, a U.S. managed care company that focuses on specialty areas of healthcare, says it was hit...

Next Article
The CyberWire Daily Podcast - Episode 1085
The CyberWire Daily Podcast - Episode 1085

Cyberwire’s latest podcast features Caleb Barlow as he discusses Alan Brunacini’s concept of an Incident Ac...