Not Applicable Notice of Breach of Health Information

Health Breach Notification Rule

2024.05.22 Notice of Breach of Health Information Form Reporting Form

OMB: 3084-0150

Document [pdf]
Download: pdf | pdf
Federal Trade Commission
The nation’s consumer protection agency

Notice of Breach of Health Information
Are you in the business of offering or maintaining “personal health records” as defined in the FTC’s Health Breach
Notification Rule? Does your company offer products or services that interact with personal health records – for example,
an online weight tracker that sends health information to a personal health record or pulls information from it? If that
describes your business or product – and if you’re not covered by the Health Insurance Portability & Accountability Act
(HIPAA) – the law requires you to take steps if you’ve had a breach involving information in a personal health record not
secured in a certain way. Under the law, 16 C.F.R. Part 318, you must:
1.
Notify everyone whose information was breached;
2.
Notify the Federal Trade Commission (FTC); and
3.
In some cases, notify the media.
The FTC has designed this form for you to report a breach to us. For more on notifying the people whose information
was breached, visit Complying with FTC’s Health Breach Notification Rule.
For all breaches
Submit this online form by clicking “Start Form” below. Make sure to complete all fields. Include your own contact
information. Don’t include any personally identifiable information involved in the breach.
Timelines
For breaches involving the records of 500 or more people
Submit this online form at the same time you notify the people whose information was breached. Under the Rule, that
means as soon as you can and no later than 60 days after discovering the breach.
For breaches involving the records of fewer than 500 people
Submit this online form by the 60th day of the calendar year following the breach. For example, if you discover a
breach involving fewer than 500 people on September 30, 2024, submit this online form to the FTC no later than
60 days into the calendar year of 2025. If you experience multiple breaches like this in one calendar year – for
example, one on September 30th in 2024 involving fewer than 500 people and another on November 1st in 2024
involving fewer than 500 people – submit this online form for each breach, and submit it to the FTC no later than
60 days into the calendar year of 2025.
Questions? Email the FTC at Healthbreach@ftc.gov, or call us at (202) 326-2918.
Paperwork Reduction Act Statement: Under the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and
a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number and expiration
date. The OMB control number is 3084-0150 and the expiration date is 07/31/25.


File Typeapplication/pdf
File Modified0000-00-00
File Created0000-00-00

© 2024 OMB.report | Privacy Policy