Requirements / ce530fb99b611480

This is a normalized obligation summary extracted deterministically from regulatory text. The structured fields below are parsed from the source—not AI-generated summaries.

Permissive FINAL

Obligation Structure

Actor: entity
Modality: Permissive
Duty: maintain a log of any such breach and submit such a log log of any
Conditions: If the breach involves the unsecured PHR identifiable health information of fewer than 500 individuals

Source Text

If the breach involves the unsecured PHR identifiable health information of fewer than 500 individuals, the vendor of personal health records or PHR related entity may maintain a log of any such breach and submit such a log annually to the Federal Trade Commission as described in § 318.4(b) (regarding timing of notice to FTC), documenting breaches from the preceding calendar year.

Source Document: 2024-10855

Agency: Federal Trade Commission

CFR Parts: 16 CFR 318

Requirement Type: inspection maintenance

Lifecycle History

2/12/2026 ADDED — → FINAL 2024-10855

Subscribe to Updates

RSS Feed for this Obligation

Get notified when this obligation is modified in proposed, final, or codified rules.

Stable ID: ce530fb99b611480