The federal government is taking public comment on a rule regarding
notification when electronic medical records are breached. The rule
says consumers should be notified only if substantial harm has
occurred. Critics say that’s too high a standard.
Earlier this year, Congress passed a bill directing the Health and
Human Services Department to draft a rule about protecting electronic
medical records. Supporters said consumers should be notified whenever
a breach has occurred.
The way the rule is written, companies that protect the data can decide whether to inform the public.
John Simpson, with the group Consumer Watchdog, says that’s wrong.
"Once you set a standard that lets the companies essentially say,
‘we’ll weigh it on this scale, and gee, maybe we’d better do this,’
that gets it awfully easy to just let them sweep it under the rug,"
Some members of Congress have asked that the rule be changed. Public comment on the regulation ends this week.