The House of Representatives passed H.R. 3763, a bill that amends the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses. As passed by the House, the following would not be considered “creditors” under the new Red Flag Rules: a health care practice with 20 or fewer employees…
Category: Federal
Consumer Watchdog Asks HHS to Repeal Rule Allowing Health Care Providers to Decide When Notification of Breached Electronic Medical Records is Necessary
Consumer Watchdog today called on the Health and Human Services Department to repeal a rule that allows health care providers and insurers to decide whether consumers must be notified when the security of their electronic confidential health information has been breached. In a letter to HHS Secretary Kathleen Sebelius the nonprofit, nonpartisan consumer advocacy group…
IE: Data breach consultation paper now out
TJ McIntyre writes on IT Law in Ireland: The Data Protection Review Group has now published a consultation paper (pdf) on reforming Irish law on notification of data breaches. Pages 33-38 on possible regulatory options are particularly useful, though the group is clearly hampered by the fact that any national reforms might soon be out…
Lawmakers: lower bar for health IT data breach notification
Roy Mark reports: Two key chairmen of U.S. House committees Oct. 1 urged HHS (Health and Human Services) Secretary Kathleen Sebelius to revise or appeal the agency’s controversial “harm standard” that would trigger a personal health record data breach notification. Under the current rules, companies that secure health information using encryption or destruction, no breach…
FTC issues Health Breach Notification Rule
<blockquote>The Federal Trade Commission (“FTC” or “Commission”) is issuing this final rule, as required by the American Recovery and Reinvestment Act of 2009 (the “Recovery Act” or “the Act”). The rule requires vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached….
Data security breach notification law update
Hunton & Williams provide a nice roundup of data breach notification law changes during the month of July. On July 1, breach notification laws in Alaska and South Carolina went into effect. On July 9, Missouri became the 45th state to enact a data breach notification law. On July 22, Senator Patrick Leahy reintroduced a…