At a recent House subcommittee hearing, technology experts again called for a national data breach notification law that would pre-empt state regulations, which vary in 46 states and Washington, DC, as to what companies must do to notify consumers about a data breach.
"There currently are no national information security or data breach regulations." - CQ Roll Call
Although this most recent hearing did not address the impact of a national breach notification law on health data, presumably any federal laws would cover health-related information not protected by HIPAA.
For example, personally identifiable records in health websites, which are impacted by breach laws in most states, could be affected by a more general federal breach law. Such health and fitness sites, as well as mobile apps, are coming under increasing criticism and scrutiny for the laxity and opacity of their data sharing activities.
What do you think? Is a federal breach notification law needed? Will it contribute to protecting consumers' health data?
Sources:
(a) National Data Breach Policy Could Have Health Care Implications - www.iHealthBeat.org, 07/19/2013