H. R. 3731
IN THE HOUSE OF REPRESENTATIVES
December 12, 2013
Mrs. Black (for herself and Mr. Meehan) introduced the following bill; which was referred to the Committee on Energy and Commerce
To require an Exchange established under the Patient Protection and Affordable Care Act to notify individuals in the case that personal information of such individuals is known to have been acquired or accessed as a result of a breach of the security of any system maintained by the Exchange.
This Act may be cited as the
Federal Exchange Data Breach Notification Act of 2013
Notification to individuals of personal information being acquired or accessed as a result of a breach of system security
After the discovery of a breach of security of any system maintained by an Exchange established pursuant to section 1321(c) of the Patient Protection and Affordable Care Act ( Public Law 111–148 ), the Exchange shall, in accordance with the requirements of the Health Breach Notification Rule issued by the Federal Trade Commission (16 C.F.R. 318), provide notice of such breach to each individual whose personal information (including any non health-related personal information) is known to have been acquired or accessed as a result of such breach of security. A violation of this section shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18 of the Federal Trade Commission Act ( 15 U.S.C. 57a ).