FTC: No Major PHR Breaches So Far

Only Incidents Listed Are Lost or Stolen Credentials
October 11, 2010 - Howard Anderson, Managing Editor, HealthcareInfoSecurity.com
 
In the year since the breach notification rule for personal health records took effect, no major breaches affecting 500 or more individuals have been reported, according to the Federal Trade Commission.

A personal health record is an "electronic record of identifiable health information on an individual that can be drawn from multiple sources and that is managed, shared and controlled by or primarily for the individual," according to the FTC.

Last year, the FTC issued a PHR breach notification rule, as called for under the HITECH Act. Under the rule, which took effect Sept. 24, 2009, major breaches must be reported to the FTC within 10 business days. PHR vendors, and certain companies with which they do business, must report any size breach to the individuals affected within 60 days. But they only have to report the smaller incidents to the FTC annually, 60 days after the start of the calendar year.

To read the entire article, click here - http://www.govinfosecurity.com/articles.php?art_id=2996&rf=2010-10-12-eg