[Federal Register Volume 87, Number 108 (Monday, June 6, 2022)]
[Notices]
[Pages 34272-34273]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-12088]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Agency Information Collection Activities; Submission for OMB 
Review; Comment Request

AGENCY: Federal Trade Commission (FTC).

ACTION: Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: The FTC requests that the Office of Management and Budget 
(OMB) extend for three years the current Paperwork Reduction Act (PRA) 
clearance for information collection requirements contained in the 
agency's Health Breach Notification Rule (or Rule). That clearance 
expires on June 30, 2022.

DATES: Comments must be received by July 6, 2022.

ADDRESSES: Written comments and recommendations for the proposed 
information collection should be sent within 30 days of publication of 
this notice to www.reginfo.gov/public/do/

[[Page 34273]]

PRAMain. Find this particular information collection by selecting 
``Currently under 30-day Review--Open for Public Comments'' or by using 
the search function. The reginfo.gov web link is a United States 
Government website produced by OMB and the General Services 
Administration (GSA). Under PRA requirements, OMB's Office of 
Information and Regulatory Affairs (OIRA) reviews Federal information 
collections.

FOR FURTHER INFORMATION CONTACT: Ryan Mehm, Attorney, Bureau of 
Consumer Protection, (202) 326-2918, Federal Trade Commission, 600 
Pennsylvania Ave. NW, Washington, DC 20580.

SUPPLEMENTARY INFORMATION: 
    Title: Health Breach Notification Rule.
    OMB Control Number: 3084-0150.
    Type of Review: Extension of a currently approved collection.
    Likely Respondents: Vendors of personal health records, PHR related 
entities and third party service providers.
    Estimated Annual Hours Burden: 4,654.
    Estimated Frequency: 2,500 single-person breaches per year and 0.33 
major breaches per year.
    Total Annual Labor Cost: $90,739.\1\
---------------------------------------------------------------------------

    \1\ Due to newly available information on hourly wage rates, the 
estimated annual labor costs were adjusted downward from $90,741 in 
the 60-Day FR Notice to $90,739 in the 30-Day FR Notice. See the 
updated mean hourly wages found at https://www.bls.gov/news.release/ocwage.htm (``Occupational Employment and Wages--May 2021,'' U.S. 
Department of Labor, released March 31, 2022, Table 1 (``National 
employment and wage data from the Occupational Employment Statistics 
survey by occupation, May 2021'').
---------------------------------------------------------------------------

    Total Annual Capital or Other Non-Labor Cost: $31,632.\2\
---------------------------------------------------------------------------

    \2\ Due to newly available information on hourly wage rates, the 
estimated annual labor costs were adjusted upward from $31,056 in 
the 60-Day FR Notice to $31,632 in the 30-Day FR Notice. See 
footnote 1 for the updated source of this information.
---------------------------------------------------------------------------

    Abstract: The Health Breach Notification Rule (Rule), 16 CFR part 
318, requires vendors of personal health records (PHR) and PHR related 
entities to provide notice to: (1) consumers whose unsecured personally 
identifiable health information has been breached; (2) the Commission; 
and (3) in some cases, the media. The Rule only applies to electronic 
health records and does not include recordkeeping requirements. The 
Rule requires third party service providers (e.g., those companies that 
provide services such as billing or data storage) to vendors of 
personal health records and PHR related entities to provide 
notification to such vendors and PHR related entities following the 
discovery of a breach. To notify the FTC of a breach, the Commission 
developed a simple, two-page form, which is posted at https://www.ftc.gov/system/files/documents/rules/health-breach-notification-rule/health_breach_form.pdf.
    On February 25, 2022, the FTC sought public comment on the 
information collection requirements associated with the Rule. 87 FR 
10792. The Commission received no germane comments. Pursuant to the OMB 
regulations, 5 CFR part 1320, that implement the PRA, 44 U.S.C. 3501 et 
seq., the FTC is providing this second opportunity for public comment 
while seeking OMB approval to renew the pre-existing clearance for the 
Rules.
    Your comment--including your name and your state--will be placed on 
the public record of this proceeding. Because your comment will be made 
public, you are solely responsible for making sure that your comment 
does not include any sensitive personal information, such as anyone's 
Social Security number; date of birth; driver's license number or other 
state identification number, or foreign country equivalent; passport 
number; financial account number; or credit or debit card number. You 
are also solely responsible for making sure that your comment does not 
include any sensitive health information, such as medical records or 
other individually identifiable health information. In addition, your 
comment should not include any ``trade secret or any commercial or 
financial information which . . . is privileged or confidential''--as 
provided by Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 
4.10(a)(2), 16 CFR 4.10(a)(2)--including in particular competitively 
sensitive information such as costs, sales statistics, inventories, 
formulas, patterns, devices, manufacturing processes, or customer 
names.

Josephine Liu,
Assistant General Counsel for Legal Counsel.
[FR Doc. 2022-12088 Filed 6-3-22; 8:45 am]
BILLING CODE 6750-01-P