FTC Final Breach Notification Form

On August 24, 2009, in Documents, by AQ-IQ LLC

Are you in the business of offering or maintaining personal health records? Does your company offer products or services that interact with personal health records – for example, an online weight tracking program that sends information to a personal health record or pulls information from it? If that describes your line of work – and if you’re not covered by the Health Insurance Portability & Accountability Act (HIPAA) – the law requires you to take steps if you’ve had a breach involving information in a personal health record not secured in a certain way.

Under the law, 16 C.F.R. Part 318, you must:

  1. Notify everyone whose information was breached;
  2. In many cases, notify the media; and
  3. Notify the Federal Trade Commission (FTC).

The FTC has designed this form to make it easier for you to report a breach to them. For more on notifying the people whose information was breached, visit www.ftc.gov/healthbreach.

Download the FTC Rule, as published in the Federal Register, HERE.  (PDF format, 88 pgs, 387KB)

Download the FTC Breach Notification Form, HERE. (PDF format, 3 pgs, 198KB)


Comments are closed.