The American Recovery and Reinvestment Act of 2009 (the Recovery Act) includes provisions to advance the use of health IT and, at the same time, strengthen privacy and security protections for health information. In response, on 16Apr09 the Federal Trade Commission (FTC) announced
a proposed set of guidelines to deal with PHR data breaches. The FTC is formally seeking comment. The full text of the notice
in the Federal Registry is available on the FTC WWW-site.