You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

FTC Issues Final Breach Notification Rule for Electronic Health Information

The Federal Trade Commission issued a final rule requiring breach notification by vendors of medical records and related entities. In June, EPIC submitted comments recommending that all entities handling electronic health records be subject to the regulation and that the FTC should establish a central location to track and announce breaches. The FTC modified the rule accordingly. EPIC had also recommended that information "accessed" be treated as "acquired", substitute media notices be used as supplemental notification, verification of data breach notices be required, minimum security standards be created, penalties for violations be assessed, and the creation of "safe-harbors" for de-identified data be opposed. The rule was mandated under the American Recovery and Reinvestment Act. See EPIC Medical Privacy and EPIC Identity Theft.

« Canadian Privacy Commissioner's Deadline for Facebook Arrives, Some Changes are Made at the Social Network Company | Main | Following Canadian Investigation, Facebook Upgrades Privacy »

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security