Citation

Health Breach Notification Rule, 16 C.F.R. §318.

Overview

The Rule requires entities to provide data security breach notification to an individual if they have a reasonable basis to believe the data can be linked to that individual.

Under the Rule, companies that have had a security breach must:

The FTC has designed a standard form for companies to use to notify the FTC of a breach and periodically posts a list of breaches for which it received notice under the Rule. A brochure for businesses, "Complying with the FTC's Health Breach Notification Rule," explains who is covered by the Rule and offers guidance on what to do in case of a breach. FTC enforcement began on February 22, 2010.

The Rule applies only to health information that is not secured through technologies specified by the Department of Health and Human Services. Also, the Rule does not apply to businesses or organizations covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In case of a security breach, entities covered by HIPAA must comply with HHS' breach notification rule.
