The Federal Trade Commission is assessing whether to make changes to a seldom-used, decade-old health data breach notification rule for personal health record vendors and other companies that do not fall under the umbrella of HIPAA.
The FTC is asking for comments on whether the rule's definitions of a PHR-related entity, third-party service provider or vendor of personal health records should be modified in light of changing technological and economic conditions, such as the proliferation of mobile health applications, virtual assistants offering health services, and platforms' health tools.
David Holtzman, Executive Advisor at CynergisTek, contributes this article, which focuses on how the FTC is assessing whether to make changes to a seldom-used, decade-old health data breach notification rule for personal health record vendors and other companies that do not fall under the umbrella of HIPAA. The Commission is asking for opinions on whether the rule's definitions of a PHR-related entity, third-party service provider, or vendor of personal health records should be modified in light of technological and economic changes.
Click here to read the full story.
