...
To facilitate compliance with the Health Information Technology for Economic and Clinical Health Act (HITECH) component of the American Recovery and Reinvestment Act of 2009 (ARRA) and Omnibus Privacy Final Rule 2013 breach notification of unsecured protected health information (PHI), Personal Identifiable Information (PII), Family Educational Rights and Privacy Act (FERPA), and other federal or state notification law requirements.
The Federal Trade Commission (FTC) has published breach notification rules for vendors of personal health records as required by ARRA/HITECH. The rule applies to breaches of security that are discovered on or after September 24, 2009.
...