Nextgov – Proposed breach notification rule would affect more health vendors
Rules proposed by the Federal Trade Commission on April 16 on disclosure of breaches of personal health information would greatly expand the number of companies required to notify individuals if their personal health data was exposed because records were lost or stolen, or because a hacker broke into a computer health network.
Vendors that offer personal health records, and organizations not covered by the Health Insurance Portability and Accountability Act (which requires patient confidentiality) that access or send health information to or from a patient-controlled health record, would be required to notify individuals whose personal data was exposed by a breach.
Such a definition would include online applications that allow individuals to connect monitoring devices — like blood pressure cuffs and blood glucose monitors — that send information to an electronic health record, such as Microsoft’s HealthVault or Google Health, the agency said. FTC did not identify specific vendors or products in its proposed rules.