Skip Navigation

NAID Submits Comment on FTC Health Data Breach

Bookmark and Share

On June 1st, NAID submitted its Official Comments to the Federal Trade Commission(FTC) regarding its proposed Health Data Breach Notification Rule.  When final, the new regulatory provision will dictate how and when “PHR-related entities” and “third party processors” will have to provide notification to authorities, the media, and affected individuals in the event of a data breach.  Both of these new regulated categories were created under the changes to HIPAA in the ARRA/HITECH legislation signed into law on February 17th and fall under FTC jurisdiction.  Health Data Breach Notification will also be required for traditional Covered Entities and Business Associates, but that proposed rule has yet to be published by Health and Human Services (HHS). 

Last month, NAID published a white paper titled Changes to HIPAA and their Impact on the Information Destruction Industry which will also appear in the June 2009 edition of NAIDnews, along with two companion pieces regarding the significance of breach notification laws and how changes to HIPAA will influence the competitive arena. 

Details on the release of the new HIPAA/HITECH Business Associate Contract, being finalized by NAID and one of the leading privacy attorneys in the country, will be announced soon.  The new contract language is required by the revised regulation.