FTC issues Health Breach Notification Rule

The Federal Trade Commission (â€œFTCâ€ or â€œCommissionâ€) is issuing this final rule, as required by the American Recovery and Reinvestment Act of 2009 (the â€œRecovery Actâ€ or â€œthe Actâ€). The rule requires vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached.

DATES: This rule is effective [insert date 30 days after date of publication in the FEDERAL REGISTER]. Full compliance is required by [insert date 180 days after date of publication in the FEDERAL REGISTER].

The rule can be found on the FTC’s site (pdf, 88 pp.). There will be more coverage of this after everyone has a chance to read through it.

See also the Health Breach Notification form (pdf) and the FTC’s press release.

Maintenance Note
CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
System Status Note
System Status Note
Fraudster's fake data breach claims should remind media to be careful what we report
"Pompompurin" taken into custody after violating conditions of pre-sentencing release on bond (1)

Related: