Answer D: The FTC sets forth the Health Breach Notification Rule. If the entity experiencing the breach is covered by the HIPAA Breach Notification Rule, the Federal Trade Commission and the Secretary of the U.S. Department of Health and Human Services must be notified.
Some instances require notifying the media about the data breach. The Department of Health and Human Services’ Breach Notification Rule and FTC’s Health Breach Notification Rule explain the requirements and guidelines for notifications.