News

Enforcement of HHS and FTC Breach Notification Rules Begin Today

22 February 2010
Image
Image

Enforcement of the Department of Health and Human Services’ (“HHS’”) and the Federal Trade Commission’s (“FTC’s”) Breach Notification rules begin today. Both agencies initially exercised their enforcement discretion and delayed enforcement until February 22, 2010, to provide entities subject to the rules with time to implement compliance processes and procedures.

HHS’ interim final rule on breach notifications, issued on August 24, 2009, requires entities covered by HIPAA and their business associates to provide notification following discovery of a breach of security involving an individual’s unsecured protected health information.  Under the rule, covered entities are also required to notify the HHS Secretary. For breaches affecting fewer than 500 individuals that occurred during calendar year 2009 and after the September effective date of the HHS breach rule, notification to the Secretary must be submitted by March 1, 2010. 

The FTC breach rule, issued on August 17, 2009, applies to vendors of personal health records, PHR-related entities and third-party service providers. 

 

Authored by Melissa Bianchi.

Contacts

bio-image

Melissa K. Bianchi

Partner

location Washington, D.C.

View more

Additional Resources

Related topics

Related countries

Load more

Related keywords

Load more

Articles you may be interested in

image_1
News

The Data Chronicles | The future of health privacy policy in the U.S.

24 April 2025
image_1
News

The Data Chronicles | Data protection in the Asia Pacific region | Trends, enforcement, and what’s ahead

17 April 2025
image_1
News

NIST finalizes cybersecurity incident response framework profile aligned with CSF 2.0

14 April 2025
image_1
News

The Data Chronicles | AI issue spotting | AI's growing impact on U.S. antitrust regulation

10 April 2025
image_1
News

The Data Chronicles | AI issue spotting | AI agents' data privacy and governance considerations

03 April 2025
image_1
News

The Data Chronicles | Unlocking the EU Data Act | What it means for connected products and related services

27 March 2025
image_1
News

The Data Chronicles | Unlocking the EU Data Act | Impact on cloud providers and cloud users

20 March 2025
image_1
News

The Data Chronicles | Unlocking the EU Data Act | What you need to know

13 March 2025
image_1
News

The Data Chronicles | The AI dilemma | Balancing GDPR and innovation in the EU

06 March 2025
left_arrow
right_arrow

Search

arrow
arrow

Register now to receive personalized content and more!

 

Register
close
See benefits
Register