When Security is Breached, What Happens
Public comments are being accepted through June 1, 2009, by the Federal Trade Commission (FTC) on a proposed rule that would require notification of consumers when the security of their electronic health information is breached. According to healthcare attorney W. Reece Hirsch, the FTC is under a tight schedule to issue a final rule by August 17, 2009. The new rule will cover entities not normally covered under HHS/HIPAA requirements (existing legislation relating to privacy of medical records).
The FTC says approximately 200 vendors of personal health records (PHRs) and 500 PHR-related entities will be covered by the FTC’s proposed rule. Additionally, 200 third-party service providers will be subject to the rule. So in the event of a privacy breach, about 900 entities would be subject to the proposed rule’s breach notification requirements.
The FTC estimates that there will be about eleven breaches of medical record security and privacy per year. These are only unauthorized breaches. Numerous parties will also be authorized to access your personal medical records.
One major concern is that individuals cannot opt out of having their medical records in the database. Another is the price tag: switching to electronic records will cost over $1 billion. Many medical experts feel the claim that the system will generate $80 billion in savings is wildly unsupported and that it may bring very few savings indeed.
The privacy of your medical records is an important issue for each of us. Read the text of the proposal at the FTC website, then file your public comment by going to https://secure.commentworks.com/ftc-healthbreachnotification and following the instructions at that site. Let the FTC know that you want the ability to opt out of the system, and that you want to make protections as comprehensive as possible.