Health Breach Notification Rule

OMB 3084-0150

OMB 3084-0150

The Health Breach Notification Rule ("Rule"), 16 C.F.R. Part 318, requires vendors of personal health records and PHR related entities to provide: (1) notice to consumers whose unsecured personally identifiable health information has been breached; and (2) notice to the Commission. The Rule only applies to electronic health records and does not include recordkeeping requirements. The Rule requires third party service providers (i.e., those companies that provide services such as billing or data storage) to notify vendors of personal health records and PHR related entities following the discovery of a breach; those entities in turn must provide notification to consumers and the Commission. To notify the FTC of a breach, the Commission developed a form for entities subject to the Rule to complete and return to the agency.

The latest form for Health Breach Notification Rule expires 2022-06-30 and can be found here.

OMB Details

Single-person Breaches

Federal Enterprise Architecture: Economic Development - Business and Industry Development

Form Not ApplicableNotice of Breach of Health Informationwww.ftc.gov/system/files/documents/rules/health-breach-notification-rule/r2911002_hbn_092015.pdfForm and instruction

Review document collections for all forms, instructions, and supporting documents - including paper/printable forms.


© 2024 OMB.report | Privacy Policy