FTC Supports Breach Notification Bill
The FTC's testimony this week called for additions to the bill:
- The provision that requires that companies notify consumers in the event of an information security breach should not be limited to entities that possess data in electronic form
- The proposed requirements should be extended so that they apply to telephone companies
- The bill should grant the agency rulemaking authority to determine circumstances under which providing free credit reports or credit monitoring may not be warranted
The bill extends civil action power to state attorneys general, much like HITECH does. It includes a maximum of $11,000 per day for each day an entity is found not to be in compliance and caps a single violation at:
- $5 million for each violation of the security and compliance requirements
- $5 million for all violations of the breach notification requirements
Read more about the bill's security and compliance requirements.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Senators Hear How Two-Midnight Rule Harms Patients, Hospitals
- 3 Management Lessons from a Supermarket Debacle
- Medicare Advantage Carriers See 'No Choice' But to Accept Cuts
- Physicians to Appeal 'Docs v. Glocks' Ruling in FL
- Handshaking Spreads Germs. Get Over It.
- IOM Identifies GME Problems, Calls for Finance Changes
- Healthcare Costs Start With What We Eat
- Revenue Cycles Get a Boost from Simple JPEG Files
- Hospitals Likely to Outsource ICD-10 at Launch
- Anatomy of 3 Health System Rebranding Efforts