This appears to be pretty much status quo and should be added as it covers all types of Personal Health Record software. Google and Microsoft use security that is much more rigid than HIPAA requires, after all both companies not only protect us, but also the enterprise with the internet. BD
Provisions in the economic stimulus bill, which President Obama will sign on Feb. 17, impose new consumer protection requirements on vendors of personal health records.
The vendors must notify affected individuals following the discovery of a breach of unsecured identifiable health information in PHRs. Vendors also must notify the Federal Trade Commission.
Further, a third-party service provider that provides services to a PHR vendor or covered entities that offer PHRs must notify affected vendors or entities of a beach. "Such notice shall include the identification of each individual whose unsecured PHR identifiable health information has been, or is reasonably believed to have been, accessed, acquired or disclosed during such breach," according to the legislation.