FTC Assessing Whether Its Health Data Breach Rule Is Stale

May 11, 2020

The Federal Trade Commission is assessing whether to make changes to a seldom-used, decade-old health data breach notification rule for personal health record vendors and other companies that do not fall under the umbrella of HIPAA.

The FTC is asking for comments on whether the rule's definitions of a PHR-related entity, third-party service provider or vendor of personal health records should be modified in light of changing technological and economic conditions, such as the proliferation of mobile health applications, virtual assistants offering health services, and platforms' health tools.

David Holtzman, Executive Advisor at CynergisTek, contributes this article, which focuses on how the FTC is assessing whether to make changes to a seldom-used, decade-old health data breach notification rule for personal health record vendors and other companies that do not fall under the umbrella of HIPAA. The Commission is asking for opinions on whether the rule's definitions of a PHR-related entity, third-party service provider, or vendor of personal health records should be modified in light of technological and economic changes.
