H.R. 3731: Federal Exchange Data Breach Notification Act of 2013

113th Congress, 2013–2015. Text as of Dec 12, 2013 (Introduced).

Status & Summary | PDF | Source: GPO and Cato Institute Deepbills

I

113th CONGRESS

1st Session

H. R. 3731

IN THE HOUSE OF REPRESENTATIVES

December 12, 2013

(for herself and Mr. Meehan) introduced the following bill; which was referred to the Committee on Energy and Commerce

A BILL

To require an Exchange established under the Patient Protection and Affordable Care Act to notify individuals in the case that personal information of such individuals is known to have been acquired or accessed as a result of a breach of the security of any system maintained by the Exchange.

1.

Short title

This Act may be cited as the Federal Exchange Data Breach Notification Act of 2013 .

2.

Notification to individuals of personal information being acquired or accessed as a result of a breach of system security

After the discovery of a breach of security of any system maintained by an Exchange established pursuant to section 1321(c) of the Patient Protection and Affordable Care Act ( Public Law 111–148 ), the Exchange shall, in accordance with the requirements of the Health Breach Notification Rule issued by the Federal Trade Commission (16 C.F.R. 318), provide notice of such breach to each individual whose personal information (including any non health-related personal information) is known to have been acquired or accessed as a result of such breach of security. A violation of this section shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18 of the Federal Trade Commission Act ( 15 U.S.C. 57a ).