IAPP CIPP/US Practice Exam

Category - Professional

A data breach involving the unauthorized disclosure of personal health information. The organization experiencing the breach is covered by HIPAA and the Health Breach Notification Rule. Which agency mandates data breach notification to affected parties?
  1. HITECH enforcement agencies
  2. Federal Communications Commission
  3. Department of Health and Human Services
  4. Federal Trade Commission and Department of Health and Human Services
Explanation
Answer D: The FTC sets forth the Health Breach Notification Rule. If the entity experiencing the breach is covered by the HIPAA Breach Notification Rule, the Federal Trade Commission and the Secretary of the U.S. Department of Health and Human Services must be notified.
 
Some instances require notifying the media about the data breach. The Department of Health and Human Services’ Breach Notification Rule and FTC’s Health Breach Notification Rule explain the requirements and guidelines for notifications.
Was this helpful? Upvote!
Login to contribute your own answer or details

Top questions

Related questions

Most popular on PracticeQuiz