FTC Issues Health IT Breach Rule

On Monday the Federal Trade Commission issued a final rule requiring certain Web-based businesses to notify consumers when the security of their electronic health information is breached. Congress directed the consumer protection agency to issue the rule as part of the economic stimulus package and it applies to both vendors of personal health records - which provide online repositories that people can use to keep track of their health information - and entities that offer third-party applications for personal health records. Such applications include devices such as blood pressure cuffs or pedometers whose readings consumers can upload into their personal health records.