Updates to our Terms of Use

We are updating our Terms of Use. Please carefully review the updated Terms before proceeding to our website.

Monday, March 18, 2024 | Back issues
Courthouse News Service Courthouse News Service

FTC Requires Notice|for Privacy Breaches

WASHINGTON (CN) - The Federal Trade Commission issued final regulations requiring vendors of personal health records and related companies to notify their customers when the security of their individually identifiable health information has been breached.

Customers must be notified of security breaches within 60 days after discovering a breach. Consumers will be notified by first-class mail or, if specified as a preference by the individual, by email. If there is insufficient contact information for more than ten individuals whose records have been compromised, the company must use a substitute notice, through the media or a web posting.

Vendors, and related companies, of personal health records do not include entities covered by the Health Insurance Portability and Accountability Act, such as hospitals, doctors' offices and health insurance companies, which are regulated by the Department of Health and Human Services. Vendors who work with HIPPA covered entities can, through their contracts determine who is responsible for notifying customers of a breach. For instance, many group health plans use third party contractors to manage their members' personal health records and if a breach occurs either entity can inform the consumer under the new rule.

Click on the document icon for this and other regulations.

Categories / Uncategorized

Subscribe to Closing Arguments

Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.

Loading...