Health Breach Notification Rulemaking
As a Healthcare Provider I am aware of some of the issues of security and health information. Medical records are the most personal of all information that anyone will expose to another human. Data breaches occur constantly in our society and in order to build awareness of the possible problems that could occur when this happens, we as a society need to know when this happens. In the American Recovery and Reinvestment Act (ARRA), under the section titled “Improved Privacy Provisions and Security Provisions,” there should be provision made to require data breaches for both secured and unsecured personnel health records (PHRs) to be reported. Most importantly it should also be the right of patients to opt out of the use electronic medical records or electronically transmitted data. Should not Americans be notified about breaches of secured PHRs in addition to breaches of unsecured data? If so, the FTC should encourage Congress and the White House to amend the ARRA to offer greater consumer protections regarding Americans’ personal health information. Most people will be unable to tell if their medical records are secured or unsecured and all records should be secured. In closing, data breaches will happen no matter what anyone does about it. We need to think carefully about how this information will be used by criminals, terrorists, foreign governments and transnational companies that will get their hands on this information and use it to harm Americans that have done nothing except go to the doctor to get help for their medical problems. As this information becomes more and more centralized, the amount of harm from a data breach is amplified exponentially.