[Med-privacy] proposed FTC rule

peter marshall pwm@comcast.net
Mon, 20 Apr 2009 10:46:15 -0700 

--Apple-Mail-69--50629228
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed

  FTC PUBLISHES PROPOSED BREACH NOTIFICATION RULE FOR ELECTRONIC HEALTH 
INFORMATION
  [SOURCE: Federal Trade Commission, AUTHOR: Press release]
  The Federal Trade Commission announced that it is seeking public 
comment on a proposed rule that would require entities to notify 
consumers when the security of their electronic health information is 
breached. The American Recovery and Reinvestment Act of 2009 (the 
Recovery Act) includes provisions to advance the use of health 
information technology and, at the same time, strengthen privacy and 
security protections for health information. Among other things, the 
Recovery Act recognizes that there are new types of Web-based entities 
that collect or handle consumers' sensitive health information. Some of 
these entities offer personal health records, which consumers can use 
as an electronic, individually controlled repository for their medical 
information. Others provide online applications through which consumers 
can track and manage different kinds of information in their personal 
health records. For example, consumers can connect a device such as a 
pedometer to their computers and upload miles traveled, heart rate, and 
other data into their personal health records. These innovations have 
the potential to provide numerous benefits for consumers, which can 
only be realized if they have confidence that the security and 
confidentiality of their health information will be maintained. To 
address these issues, the Recovery Act requires the Department of 
Health and Human Services to conduct a study and report, in 
consultation with the FTC, on potential privacy, security, and breach 
notification requirements for vendors of personal health records and 
related entities. This study and report must be completed by February 
2010. In the interim, the Act requires the Commission to issue a 
temporary rule requiring these entities to notify consumers if the 
security of their health information is breached. The proposed rule the 
Commission is announcing is the first step in implementing this 
requirement.
http://benton.org/node/24387
--Apple-Mail-69--50629228
Content-Transfer-Encoding: 7bit
Content-Type: text/enriched;
	charset=US-ASCII

<fontfamily><param>Verdana</param><smaller> FTC PUBLISHES PROPOSED
BREACH NOTIFICATION RULE FOR ELECTRONIC HEALTH INFORMATION

 [SOURCE: Federal Trade Commission, AUTHOR: Press release]

 The Federal Trade Commission announced that it is seeking public
comment on a proposed rule that would require entities to notify
consumers when the security of their electronic health information is
breached. The American Recovery and Reinvestment Act of 2009 (the
Recovery Act) includes provisions to advance the use of health
information technology and, at the same time, strengthen privacy and
security protections for health information. Among other things, the
Recovery Act recognizes that there are new types of Web-based entities
that collect or handle consumers' sensitive health information. Some
of these entities offer personal health records, which consumers can
use as an electronic, individually controlled repository for their
medical information. Others provide online applications through which
consumers can track and manage different kinds of information in their
personal health records. For example, consumers can connect a device
such as a pedometer to their computers and upload miles traveled,
heart rate, and other data into their personal health records. These
innovations have the potential to provide numerous benefits for
consumers, which can only be realized if they have confidence that the
security and confidentiality of their health information will be
maintained. To address these issues, the Recovery Act requires the
Department of Health and Human Services to conduct a study and report,
in consultation with the FTC, on potential privacy, security, and
breach notification requirements for vendors of personal health
records and related entities. This study and report must be completed
by February 2010. In the interim, the Act requires the Commission to
issue a temporary rule requiring these entities to notify consumers if
the security of their health information is breached. The proposed
rule the Commission is announcing is the first step in implementing
this requirement.

<color><param>0000,0000,EEEE</param>http://benton.org/node/24387</color></smaller></fontfamily>
--Apple-Mail-69--50629228--