Teneille Brown, Joshua Auriemma, and I helped Patient Privacy Rights draft the public comments it submitted to the Federal Trade Commission on Monday. Thanks to Patient Privacy Rights executive director Ashley Katz for the opportunity to assist.
The FTC sought comment on a proposed interim rule that would require certain entities to notify consumers upon the unauthorized acquisition of electronic health information.
Patient Privacy Rights' recommendations include:
*Clarifying that the rule covers Microsoft HealthVault, Google Health, and similar entities that deal in electronic health information.
*Requiring entities to keep an audit trail of unauthorized access and clarifying that publishing electronic health information on the web constitutes "acquisition" under the rule.
*Reconsidering the position that de-identified electronic health information may be excluded from the proposed interim rule in all instance.
The final comments are attached.