Skip to Content

CDT Comments on FTC Health Data Breach Notification Rulemaking

CDT, together with the Markle Foundation and others, filed comments with the Federal Trade Commission (FTC) regarding new requirements on how to notify patients when unsecured personal health record (PHR) data has been breached. In the comments, CDT called on FTC to work with the Department of Health and Human Services to ensure consistency between their respective breach notification rules. CDT also recommended that FTC narrow the discretion of entities to determine whether an unauthorized party has acquired breached data. In addition, the comments urged FTC to incorporate major Internet news outlets as acceptable media vehicles for notifying patients of data breaches.