The Federal Trade Commission's (“FTC”) Health Breach Notification Rule (“Rule”) requires vendors of “personal health records” (“PHR vendors”) to notify consumers and the FTC in the event that the security of personally identifiable health information in a PHR maintained by the PHR vendor is breached. 16 C.F.R. § 318.3(a). Compliance with the Rule is required by February 22, 2010. 74 Fed. Reg. 42,962, 42,962 (Aug. 25, 2009).
Please see full publication below for more information.