What is the FTC Health Breach Notification Rule, and How is Compliance Determined?
The FTC Health Breach Notification Rule governs how certain companies that are not governed by HIPAA are required to respond to data breaches involving their users’ health data. It affects vendors of personal health records; businesses that sell products and services through these vendors or that collect and distribute medical data on their own; and organizations that use, maintain, disclose, or dispose of information relating to customers’ personal health records.
Companies must notify customers, the FTC, and/or the media whenever a third party, without permission, accesses unencrypted, electronically stored health records that can be used to reasonably identify a business’s specific customers. In their notices, businesses must include details about the breach, the types of health information exposed, information about how they’re responding to the breach, and toll-free numbers or other resources that customers can use to learn more. Businesses may also be required to include suggested next steps customers can take to protect their health and sensitive personal information from identity fraud or other crimes. Violators of the rule could face up to $41,484 in fines per violation.
How Does FTC Health Breach Notification Rule Hosting Work?
Companies can avoid falling under the rule’s purview by encrypting their users’ health information. Abacus Private Cloud has the infrastructure and security measures in place to help you do this. Our HIPAA-compliant cloud hosting solution is built upon three layers of physical, server, and data security, and features multifactor authentication, dedicated IP addresses, 256-bit AES encryption, and more to protect your customers’ data at rest and in transit.
What Do I Need to Do to Audit & Maintain Compliance with the FTC Health Breach Notification Rule?
Our specialists are available 24/7 to provide unlimited cloud platform support. We can automate software and hardware updates, monitor your server and access controls, apply patches, and ensure your account is properly set up to fend off the latest cybercriminal tactics.