The federal government is taking public comment on a rule regarding notification when electronic medical records are breached. The rule says consumers should be notified only if substantial harm has occurred. Critics say that's too high a standard.
Earlier this year, Congress passed a bill directing the Health and Human Services Department to draft a rule about protecting electronic medical records. Supporters said consumers should be notified whenever a breach has occurred.
The way the rule is written, companies that protect the data can decide whether to inform the public.
John Simpson, with the group Consumer Watchdog, says that's wrong.
"Once you set a standard that lets the companies essentially say, 'we'll weigh it on this scale, and gee, maybe we'd better do this,' that gets it awfully easy to just let them sweep it under the rug," Simpson says.
Some members of Congress have asked that the rule be changed. Public comment on the regulation ends this week.
