Under the American Recovery and Reinvestment Act of 2009 (the “Recovery Act” or “the Act”), the Federal Trade Commission (“FTC”) or (“Commission”) must issue rules requiring vendors of personal health records and related entities to notify individuals when the security of their individually identifiable health information is breached. Accordingly, the FTC seeks comment on a […]