Markle, the Center for Democracy and Technology, and others comment on the new federal health data breach notification provisions to be administered by the US Department of Health and Human Services.
Our comments rest on the need for a consistent and consumer-oriented approach to privacy and security policies for personal health records (PHRs). We understand this issue will be broadly addressed in the forthcoming HHS and FTC privacy and security recommendations for PHRs, but we strongly recommend that HHS and FTC take this early opportunity to align policies and make them meaningful to consumers who must be able to navigate their use of PHRs.