P&C Insurers Are Not “PHR Vendors” Under FTC HITECH Rule


The Federal Trade Commission's (“FTC”) Health Breach Notification Rule (“Rule”) requires vendors of “personal health records” (“PHR vendors”) to notify consumers and the FTC in the event that the security of personally identifiable health information in a PHR maintained by the PHR vendor is breached. 16 C.F.R. § 318.3(a). Compliance with the Rule is required by February 22, 2010. 74 Fed. Reg. 42,962, 42,962 (Aug. 25, 2009).

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.