From CDT.org:
CDT, together with the Markle Foundation and others, filed comments with the Federal Trade Commission (FTC) regarding new requirements on how to notify patients when unsecured personal health record (PHR) data has been breached.
In the comments, CDT called on FTC to work with the Department of Health and Human Services to ensure consistency between their respective breach notification rules. CDT also recommended that FTC narrow the discretion of health care entities to determine whether an unauthorized party has acquired breached data. In addition, the comments urged FTC to incorporate major Internet news outlets as acceptable media vehicles for notifying patients of data breaches.
CDT Joint Comments On Notice of Proposed Rulemaking [PDF], June 01, 2009:
www.cdt.org/healthprivacy/20090601_ftc_breach_comments.pdf
Text of FTC’s Notice of Proposed Rulemaking [PDF], April 16, 2009:
www.cdt.org/healthprivacy/FTC_NOI_breach.pdf