AGENCY:
Federal Trade Commission (FTC).
ACTION:
Notice and request for comment.
SUMMARY:
The FTC requests that the Office of Management and Budget (OMB) extend for three years the current Paperwork Reduction Act (PRA) clearance for information collection requirements contained in the agency's Health Breach Notification Rule (or Rule). That clearance expires on June 30, 2022.
DATES:
Comments must be received by July 6, 2022.
ADDRESSES:
Written comments and recommendations for the proposed information collection should be sent within 30 days of publication of this notice to www.reginfo.gov/public/do/ PRAMain. Find this particular information collection by selecting “Currently under 30-day Review—Open for Public Comments” or by using the search function. The reginfo.gov web link is a United States Government website produced by OMB and the General Services Administration (GSA). Under PRA requirements, OMB's Office of Information and Regulatory Affairs (OIRA) reviews Federal information collections.
FOR FURTHER INFORMATION CONTACT:
Ryan Mehm, Attorney, Bureau of Consumer Protection, (202) 326-2918, Federal Trade Commission, 600 Pennsylvania Ave. NW, Washington, DC 20580.
SUPPLEMENTARY INFORMATION:
Title: Health Breach Notification Rule.
OMB Control Number: 3084-0150.
Type of Review: Extension of a currently approved collection.
Likely Respondents: Vendors of personal health records, PHR related entities and third party service providers.
Estimated Annual Hours Burden: 4,654.
Estimated Frequency: 2,500 single-person breaches per year and 0.33 major breaches per year.
Total Annual Labor Cost: $90,739.
Due to newly available information on hourly wage rates, the estimated annual labor costs were adjusted downward from $90,741 in the 60-Day FR Notice to $90,739 in the 30-Day FR Notice. See the updated mean hourly wages found at https://www.bls.gov/news.release/ocwage.htm (“Occupational Employment and Wages—May 2021,” U.S. Department of Labor, released March 31, 2022, Table 1 (“National employment and wage data from the Occupational Employment Statistics survey by occupation, May 2021”).
Total Annual Capital or Other Non-Labor Cost: $31,632.
Due to newly available information on hourly wage rates, the estimated annual labor costs were adjusted upward from $31,056 in the 60-Day FR Notice to $31,632 in the 30-Day FR Notice. See footnote 1 for the updated source of this information.
Abstract: The Health Breach Notification Rule (Rule), 16 CFR part 318, requires vendors of personal health records (PHR) and PHR related entities to provide notice to: (1) consumers whose unsecured personally identifiable health information has been breached; (2) the Commission; and (3) in some cases, the media. The Rule only applies to electronic health records and does not include recordkeeping requirements. The Rule requires third party service providers ( e.g., those companies that provide services such as billing or data storage) to vendors of personal health records and PHR related entities to provide notification to such vendors and PHR related entities following the discovery of a breach. To notify the FTC of a breach, the Commission developed a simple, two-page form, which is posted at https://www.ftc.gov/system/files/documents/rules/health-breach-notification-rule/health_breach_form.pdf.
On February 25, 2022, the FTC sought public comment on the information collection requirements associated with the Rule. 87 FR 10792. The Commission received no germane comments. Pursuant to the OMB regulations, 5 CFR part 1320, that implement the PRA, 44 U.S.C. 3501 et seq., the FTC is providing this second opportunity for public comment while seeking OMB approval to renew the pre-existing clearance for the Rules.
Your comment—including your name and your state—will be placed on the public record of this proceeding. Because your comment will be made public, you are solely responsible for making sure that your comment does not include any sensitive personal information, such as anyone's Social Security number; date of birth; driver's license number or other state identification number, or foreign country equivalent; passport number; financial account number; or credit or debit card number. You are also solely responsible for making sure that your comment does not include any sensitive health information, such as medical records or other individually identifiable health information. In addition, your comment should not include any “trade secret or any commercial or financial information which . . . is privileged or confidential”—as provided by Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2)—including in particular competitively sensitive information such as costs, sales statistics, inventories, formulas, patterns, devices, manufacturing processes, or customer names.
Josephine Liu,
Assistant General Counsel for Legal Counsel.
[FR Doc. 2022-12088 Filed 6-3-22; 8:45 am]
BILLING CODE 6750-01-P