Health Breach Notification Rulemaking
I want the ability to opt out of the system, and I want to make protections as comprehensive as possible. The FTC says approximately 200 vendors of personal health records (PHRs) and 500 PHR-related entities will be covered by the FTC’s proposed rule. Additionally, 200 third-party service providers will be subject to the rule. So in the event of a privacy breach, about 900 entities would be subject to the proposed rule’s breach notification requirements. What about Medicare records? Medicare regulations currently permit up to 600,000 individuals, institutions, and entities to read our medical records in electronic form at any time without our knowledge or consent. I consider this a major breach. How will this be coordinated?