Personal health records rule cracks down on vendors

Vendors must notify consumers of breaches

The Federal Trade Commission has released a final rule that requires vendors that provide personal health records (PHRs) online to alert consumers if the security if their information has been breached.

Congress directed the FTC to establish the rule in the economic stimulus law and it became final Aug. 17.

The rule applies to vendors of PHRs, which are online systems that allow consumers to collect and store their medical records in a single location. Microsoft HealthVault and Google Health both offer such services.

The rule also applies to vendors of online applications that interact with the PHRs. Many of the PHRs are not covered by the privacy and security stipulations of the Health Insurance Portability and Accountability Act.

The FTC rule is intended to fill a temporary gap. Under the stimulus law, the Health and Human Services Department, in consultation with the FTC, will need to prepare a report to Congress recommending broader privacy, security and breach notification measures by February 2010. Until Congress acts on those measures, the FTC rule is supposed to close a gap.

The economic stimulus law gave HHS $45 billion to distribute to doctors and hospitals to promote adoption of electronic health records, which are clinical patient records originated by a doctor or hospital. However, HHS also is giving some attention to PHRs. In May, the department began testing a standardized online template for PHRs to give consumers a way to compare one record system with another.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Thu, Aug 20, 2009 Sean

PHR is the way to go. People need to be responsible of their health. Ever since I became a member of PHRservice.com, I have been making conscientious decisions about my health.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group