51534 Federal Register / Vol. 77, No. 165 / Friday, August 24, 2012 / Notices
to the meeting to give EPA as much time
as possible to process your request.
Dated: August 20, 2012.
Mark Joyce,
Acting Designated Federal Officer.
[FR Doc. 2012–20882 Filed 8–23–12; 8:45 am]
BILLING CODE 6560–50–P
ENVIRONMENTAL PROTECTION
AGENCY
[FRL–9710–8]
Notice of Proposed Prospective
Purchaser Agreement Pursuant to the
Comprehensive Environmental
Response, Compensation and Liability
Act of 1980, as Amended (‘‘CERCLA’’),
and the Solid Waste Disposal Act
AGENCY: Environmental Protection
Agency (EPA).
ACTION: Notice; request for public
comment.
SUMMARY: In accordance with the
Comprehensive Environmental
Response, Compensation, and Liability
Act of 1980, as amended (‘‘CERCLA’’),
and the Solid Waste Disposal Act,
commonly referred to as the Resource
Conservation and Recovery Act of 1976,
as amended by the Hazardous and Solid
Waste Amendments of 1984 (‘‘RCRA’’),
notice is hereby given that a proposed
Prospective Purchaser Agreement
(‘‘PPA’’) associated with a 1400-acre
parcel of property located in
Philadelphia, Pennsylvania (‘‘Property’’)
was executed by the Environmental
Protection Agency and the Department
of Justice. Once finalized, the PPA will
resolve potential claims under Sections
106 and 107(a) of CERCLA, and Sections
3005 and 3008(a) of RCRA, against
Philadelphia Energy Solutions LLC
(‘‘PES LLC’’) and Philadelphia Energy
Solutions Refining & Marketing (‘‘PES
R&M LLC’’). The proposed PPA is now
subject to public comment after which
the United States may modify or
withdraw its consent if comments
received disclose facts or considerations
which indicate that the PPA is
inappropriate, improper, or inadequate.
Sunoco, Inc. (R&M), a subsidiary of
Sunoco, Inc., currently operates the
Property as a crude oil refinery to
distribute, store and process petroleum.
PES R&M LLC has proposed to purchase
the Property and continue crude oil
refining and related operations at the
Property.
The Property consists of two formerly
separate refining operations known as
‘‘Point Breeze’’ and ‘‘Girard Point.’’ EPA
issued a RCRA Corrective Action Permit
under RCRA Section 3004(u), 42 U.S.C.
Section 6924(u), for the Point Breeze
operation in 1988 and for the Girard
Point operation in 1989. Both permits
require Sunoco, Inc. (R&M) to, among
other things, investigate solid waste
management units (‘‘SWMUs’’) and
evaluate remedy options. Both permits
have been extended by EPA until final
remedy selection. After PES R&M LLC
purchases the Property, Sunoco, Inc.
(R&M) will be required to complete its
RCRA corrective action obligations at
the Property.
DATES: Comments must be submitted on
or before thirty (30) days after the date
of publication of this notice.
ADDRESSES: The Proposed PPA and
additional background information
relating to the Proposed PPA are
available for public inspection at the
U.S. Environmental Protection Agency,
Region III, 1650 Arch Street,
Philadelphia, PA 19103. A copy of the
Proposed PPA may be obtained from
Hon Lee, U.S. Environmental Protection
Agency (3LC23), 1650 Arch Street,
Philadelphia, PA 19103 or at lee.hon@
epa.gov or at 215–814–3419. Comments
should reference the ‘‘PES LLC PPA’’
and ‘‘CERC/RCRA–03–2012–0224DC,’’
and should be forwarded to Hon Lee at
the above address.
Dated: July 23, 2012.
Abraham Ferdas,
Director, Land and Chemicals Division, U.S.
Environmental Protection Agency, Region III.
[FR Doc. 2012–20870 Filed 8–23–12; 8:45 am]
BILLING CODE 6560–50–P
FEDERAL DEPOSIT INSURANCE
CORPORATION
Agency Information Collection
Activities: Proposed Collection
Renewal; Comment Request
AGENCY: Federal Deposit Insurance
Corporation (FDIC).
ACTION: Notice and request for comment.
SUMMARY: The FDIC, as part of its
continuing effort to reduce paperwork
and respondent burden, invites the
general public and other Federal
agencies to take this opportunity to
comment on the renewal of existing
information collections, as required by
the Paperwork Reduction Act of 1995
(44 U.S.C. chapter 35). Currently, the
FDIC is soliciting comment on renewal
of the information collections described
below.
DATES: Comments must be submitted on
or before October 23, 2012.
ADDRESSES: Interested parties are
invited to submit written comments to
the FDIC by any of the following
methods: http://www.FDIC.gov/
regulations/laws/federal/notices.html.
Email: comments@fdic.gov. Include
the name of the collection in the subject
line of the message.
Mail: Gary A. Kuiper (202.898.3877),
Counsel, Room NYA–5046, Federal
Deposit Insurance Corporation, 550 17th
Street NW., Washington, DC 20429.
Hand Delivery: Comments may be
hand-delivered to the guard station at
the rear of the 17th Street Building
(located on F Street), on business days
between 7:00 a.m. and 5:00 p.m.
All comments should refer to the
relevant OMB control number. A copy
of the comments may also be submitted
to the OMB desk officer for the FDIC:
Office of Information and Regulatory
Affairs, Office of Management and
Budget, New Executive Office Building,
Washington, DC 20503.
FOR FURTHER INFORMATION CONTACT: Gary
A. Kuiper, at the FDIC address above.
SUPPLEMENTARY INFORMATION: Proposal
to renew the following currently-
approved collection of information:
1. Title: Notice Regarding
Unauthorized Access to Customer
Information.
OMB Number: 3064–0145.
Frequency of Response: On occasion.
Affected Public: Insured state
nonmember banks.
Number of FDIC regulated banks that
will notify customers: 93.
Estimated Time per Response: 29
hours.
Annual Burden: 2,697 hours.
General Description of Collection:
This collection reflects the FDIC’s
expectations regarding a response
program that financial institutions
should develop to address unauthorized
access to or use of customer information
that could result in substantial harm or
inconvenience to a customer. The
information collections require financial
institutions to: (1) Develop notices to
customers; and (2) in certain
circumstances, determine which
customers should receive the notices
and send the notices to customers.
2. Title: Identity Theft Red Flags and
Address Discrepancies Under the Fair
and Accurate Credit Transactions Act of
2003 (FACT Act).
OMB No.: 3064–0152.
Affected Public: Individuals;
businesses or other for-profit.
Estimated Number of Respondents:
4,546.
Estimated Time per Response: 16
hours.
Estimated Total Annual Burden:
72,736 hours.
General Description of the Collection:
12 CFR 334.82, 334.90, 334.91 and
VerDate Mar<15>2010 15:22 Aug 23, 2012 Jkt 226001 PO 00000 Frm 00024 Fmt 4703 Sfmt 4703 E:\FR\FM\24AUN1.SGM 24AUN1
erowe on DSK2VPTVN1PROD with
to the meeting to give EPA as much time
as possible to process your request.
Dated: August 20, 2012.
Mark Joyce,
Acting Designated Federal Officer.
[FR Doc. 2012–20882 Filed 8–23–12; 8:45 am]
BILLING CODE 6560–50–P
ENVIRONMENTAL PROTECTION
AGENCY
[FRL–9710–8]
Notice of Proposed Prospective
Purchaser Agreement Pursuant to the
Comprehensive Environmental
Response, Compensation and Liability
Act of 1980, as Amended (‘‘CERCLA’’),
and the Solid Waste Disposal Act
AGENCY: Environmental Protection
Agency (EPA).
ACTION: Notice; request for public
comment.
SUMMARY: In accordance with the
Comprehensive Environmental
Response, Compensation, and Liability
Act of 1980, as amended (‘‘CERCLA’’),
and the Solid Waste Disposal Act,
commonly referred to as the Resource
Conservation and Recovery Act of 1976,
as amended by the Hazardous and Solid
Waste Amendments of 1984 (‘‘RCRA’’),
notice is hereby given that a proposed
Prospective Purchaser Agreement
(‘‘PPA’’) associated with a 1400-acre
parcel of property located in
Philadelphia, Pennsylvania (‘‘Property’’)
was executed by the Environmental
Protection Agency and the Department
of Justice. Once finalized, the PPA will
resolve potential claims under Sections
106 and 107(a) of CERCLA, and Sections
3005 and 3008(a) of RCRA, against
Philadelphia Energy Solutions LLC
(‘‘PES LLC’’) and Philadelphia Energy
Solutions Refining & Marketing (‘‘PES
R&M LLC’’). The proposed PPA is now
subject to public comment after which
the United States may modify or
withdraw its consent if comments
received disclose facts or considerations
which indicate that the PPA is
inappropriate, improper, or inadequate.
Sunoco, Inc. (R&M), a subsidiary of
Sunoco, Inc., currently operates the
Property as a crude oil refinery to
distribute, store and process petroleum.
PES R&M LLC has proposed to purchase
the Property and continue crude oil
refining and related operations at the
Property.
The Property consists of two formerly
separate refining operations known as
‘‘Point Breeze’’ and ‘‘Girard Point.’’ EPA
issued a RCRA Corrective Action Permit
under RCRA Section 3004(u), 42 U.S.C.
Section 6924(u), for the Point Breeze
operation in 1988 and for the Girard
Point operation in 1989. Both permits
require Sunoco, Inc. (R&M) to, among
other things, investigate solid waste
management units (‘‘SWMUs’’) and
evaluate remedy options. Both permits
have been extended by EPA until final
remedy selection. After PES R&M LLC
purchases the Property, Sunoco, Inc.
(R&M) will be required to complete its
RCRA corrective action obligations at
the Property.
DATES: Comments must be submitted on
or before thirty (30) days after the date
of publication of this notice.
ADDRESSES: The Proposed PPA and
additional background information
relating to the Proposed PPA are
available for public inspection at the
U.S. Environmental Protection Agency,
Region III, 1650 Arch Street,
Philadelphia, PA 19103. A copy of the
Proposed PPA may be obtained from
Hon Lee, U.S. Environmental Protection
Agency (3LC23), 1650 Arch Street,
Philadelphia, PA 19103 or at lee.hon@
epa.gov or at 215–814–3419. Comments
should reference the ‘‘PES LLC PPA’’
and ‘‘CERC/RCRA–03–2012–0224DC,’’
and should be forwarded to Hon Lee at
the above address.
Dated: July 23, 2012.
Abraham Ferdas,
Director, Land and Chemicals Division, U.S.
Environmental Protection Agency, Region III.
[FR Doc. 2012–20870 Filed 8–23–12; 8:45 am]
BILLING CODE 6560–50–P
FEDERAL DEPOSIT INSURANCE
CORPORATION
Agency Information Collection
Activities: Proposed Collection
Renewal; Comment Request
AGENCY: Federal Deposit Insurance
Corporation (FDIC).
ACTION: Notice and request for comment.
SUMMARY: The FDIC, as part of its
continuing effort to reduce paperwork
and respondent burden, invites the
general public and other Federal
agencies to take this opportunity to
comment on the renewal of existing
information collections, as required by
the Paperwork Reduction Act of 1995
(44 U.S.C. chapter 35). Currently, the
FDIC is soliciting comment on renewal
of the information collections described
below.
DATES: Comments must be submitted on
or before October 23, 2012.
ADDRESSES: Interested parties are
invited to submit written comments to
the FDIC by any of the following
methods: http://www.FDIC.gov/
regulations/laws/federal/notices.html.
Email: comments@fdic.gov. Include
the name of the collection in the subject
line of the message.
Mail: Gary A. Kuiper (202.898.3877),
Counsel, Room NYA–5046, Federal
Deposit Insurance Corporation, 550 17th
Street NW., Washington, DC 20429.
Hand Delivery: Comments may be
hand-delivered to the guard station at
the rear of the 17th Street Building
(located on F Street), on business days
between 7:00 a.m. and 5:00 p.m.
All comments should refer to the
relevant OMB control number. A copy
of the comments may also be submitted
to the OMB desk officer for the FDIC:
Office of Information and Regulatory
Affairs, Office of Management and
Budget, New Executive Office Building,
Washington, DC 20503.
FOR FURTHER INFORMATION CONTACT: Gary
A. Kuiper, at the FDIC address above.
SUPPLEMENTARY INFORMATION: Proposal
to renew the following currently-
approved collection of information:
1. Title: Notice Regarding
Unauthorized Access to Customer
Information.
OMB Number: 3064–0145.
Frequency of Response: On occasion.
Affected Public: Insured state
nonmember banks.
Number of FDIC regulated banks that
will notify customers: 93.
Estimated Time per Response: 29
hours.
Annual Burden: 2,697 hours.
General Description of Collection:
This collection reflects the FDIC’s
expectations regarding a response
program that financial institutions
should develop to address unauthorized
access to or use of customer information
that could result in substantial harm or
inconvenience to a customer. The
information collections require financial
institutions to: (1) Develop notices to
customers; and (2) in certain
circumstances, determine which
customers should receive the notices
and send the notices to customers.
2. Title: Identity Theft Red Flags and
Address Discrepancies Under the Fair
and Accurate Credit Transactions Act of
2003 (FACT Act).
OMB No.: 3064–0152.
Affected Public: Individuals;
businesses or other for-profit.
Estimated Number of Respondents:
4,546.
Estimated Time per Response: 16
hours.
Estimated Total Annual Burden:
72,736 hours.
General Description of the Collection:
12 CFR 334.82, 334.90, 334.91 and
VerDate Mar<15>2010 15:22 Aug 23, 2012 Jkt 226001 PO 00000 Frm 00024 Fmt 4703 Sfmt 4703 E:\FR\FM\24AUN1.SGM 24AUN1
erowe on DSK2VPTVN1PROD with
51535Federal Register / Vol. 77, No. 165 / Friday, August 24, 2012 / Notices
1 ‘‘PHR related entity’’ means an entity, other than
a HIPAA-covered entity or an entity to the extent
that it engages in activities as a business associate
of a HIPAA-covered entity, that: (1) Offers products
or services through the Web site of a vendor of
personal health records; (2) offers products or
services through the Web sites of HIPAA-covered
entities that offer individuals personal health
records; or (3) accesses information in a personal
health record or sends information to a personal
health record. 16 CFR 318.2(f).
Appendix J to Part 334 implement
sections 114 and 315 of the Fair and
Accurate Credit Transactions Act of
2003 (FACT Act), Public Law 108–159
(2003). Section 114 amended section
615 of the Fair Credit Reporting Act
(FCRA) to require the OCC, FRB, FDIC,
OTS, NCUA, and FTC (Agencies) to
issue jointly (i) Guidelines for financial
institutions and creditors regarding
identity theft with respect to their
account holders and customers; (ii)
regulations requiring each financial
institution and creditor to establish
reasonable policies and procedures for
implementing the guidelines to identify
possible risks to account holders or
customers or to the safety and
soundness of the institution or creditor;
and (iii) regulations generally requiring
credit and debit card issuers to assess
the validity of change of address
requests under certain circumstances.
Section 315 amended section 605 of the
FCRA to require the Agencies to issue
regulations providing guidance
regarding reasonable policies and
procedures that a user of consumer
reports must employ when a user
receives a notice of address discrepancy
from a consumer reporting agency
(CRA). The information collections in
Sec. 334.90 require each financial
institution and creditor that offers or
maintains one or more covered accounts
to develop and implement a written
Identity Theft Prevention Program
(Program). In developing the Program,
financial institutions and creditors are
required to consider the guidelines in
Appendix J to Part 334 and include
those that are appropriate. The initial
Program must be approved by the board
of directors or an appropriate committee
thereof and the board, an appropriate
committee thereof or a designated
employee at the level of senior
management must be involved in the
oversight of the Program. In addition,
staff must be trained to carry out the
Program. Pursuant to Sec. 334.91, each
credit and debit card issuer is required
to establish and implement policies and
procedures to assess the validity of a
change of address request under certain
circumstances. Before issuing an
additional or replacement card, the card
issuer must notify the cardholder or use
another means to assess the validity of
the change of address. The information
collections in Sec. 41.82 require each
user of consumer reports to develop and
implement reasonable policies and
procedures designed to enable the user
to form a reasonable belief that a
consumer report relates to the consumer
about whom it requested the report
when the user receives a notice of
address discrepancy from a CRA. A user
of consumer reports must also develop
and implement reasonable policies and
procedures for furnishing an address for
the consumer that the user has
reasonably confirmed to be accurate to
the CRA from which it receives a notice
of address discrepancy when: (1) The
user can form a reasonable belief that
the consumer report relates to the
consumer about whom the user has
requested the report; (2) the user
establishes a continuing relationship
with the consumer; and (3) the user
regularly and in the ordinary course of
business furnishes information to the
CRA from which it received the notice
of address discrepancy.
Request for Comment
Comments are invited on: (a) Whether
the collection of information is
necessary for the proper performance of
the FDIC’s functions, including whether
the information has practical utility; (b)
the accuracy of the estimates of the
burden of the information collection,
including the validity of the
methodology and assumptions used; (c)
ways to enhance the quality, utility, and
clarity of the information to be
collected; and (d) ways to minimize the
burden of the information collection on
respondents, including through the use
of automated collection techniques or
other forms of information technology.
All comments will become a matter of
public record.
Dated at Washington, DC, this 20th day of
August 2012.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 2012–20810 Filed 8–23–12; 8:45 am]
BILLING CODE 6714–01–P
FEDERAL TRADE COMMISSION
Agency Information Collection
Activities; Submission for OMB
Review; Comment Request; Extension
AGENCY: Federal Trade Commission
(‘‘FTC’’ or ‘‘Commission’’).
ACTION: Notice.
SUMMARY: The FTC intends to ask the
Office of Management and Budget
(‘‘OMB’’) to extend through September
30, 2015, the current Paperwork
Reduction Act (‘‘PRA’’) clearance for the
information collection requirements in
the Health Breach Notification Rule.
That clearance expires on September 30,
2012.
DATES: Comments must be filed by
September 24, 2012.
ADDRESSES: Interested parties may file a
comment online or on paper, by
following the instructions in the
Request for Comment part of the
SUPPLEMENTARY INFORMATION section
below. Write ‘‘Health Breach
Notification Rule, PRA Comments, P–
125402’’ on your comment and file your
comment online at https://
ftcpublic.commentworks.com/ftc/
healthbreachnotificationPRA2, by
following the instructions on the web-
based form. If you prefer to file your
comment on paper, mail or deliver your
comment to the following address:
Federal Trade Commission, Office of the
Secretary, Room H–113 (Annex J), 600
Pennsylvania Avenue NW., Washington,
DC 20580.
FOR FURTHER INFORMATION CONTACT:
Amanda Koulousias, Attorney, Division
of Privacy and Identity Protection,
Bureau of Consumer Protection, Federal
Trade Commission, 600 Pennsylvania
Avenue NW., Washington, DC 20580,
(202) 326–2252.
SUPPLEMENTARY INFORMATION:
Title: Health Breach Notification Rule.
OMB Control Number: 3084–0150.
Type of Review: Extension of a
currently approved collection.
Abstract: The Health Breach
Notification Rule (‘‘Rule’’), 16 CFR Part
318, requires vendors of personal health
records and PHR related entities 1 to
provide: (1) Notice to consumers whose
unsecured personally identifiable health
information has been breached; and (2)
notice to the Commission. The Rule
only applies to electronic health records
and does not include recordkeeping
requirements. The Rule requires third
party service providers (i.e., those
companies that provide services such as
billing or data storage) to vendors of
personal health records and PHR related
entities to provide notification to such
vendors and PHR related entities
following the discovery of a breach. To
notify the FTC of a breach, the
Commission developed a form, which is
posted at www.ftc.gov/healthbreach, for
entities subject to the rule to complete
and return to the agency.
On May 29, 2012, the FTC sought
comment on the information collection
requirements associated with the Rule.
77 FR 31612. No comments were
VerDate Mar<15>2010 15:22 Aug 23, 2012 Jkt 226001 PO 00000 Frm 00025 Fmt 4703 Sfmt 4703 E:\FR\FM\24AUN1.SGM 24AUN1
erowe on DSK2VPTVN1PROD with
1 ‘‘PHR related entity’’ means an entity, other than
a HIPAA-covered entity or an entity to the extent
that it engages in activities as a business associate
of a HIPAA-covered entity, that: (1) Offers products
or services through the Web site of a vendor of
personal health records; (2) offers products or
services through the Web sites of HIPAA-covered
entities that offer individuals personal health
records; or (3) accesses information in a personal
health record or sends information to a personal
health record. 16 CFR 318.2(f).
Appendix J to Part 334 implement
sections 114 and 315 of the Fair and
Accurate Credit Transactions Act of
2003 (FACT Act), Public Law 108–159
(2003). Section 114 amended section
615 of the Fair Credit Reporting Act
(FCRA) to require the OCC, FRB, FDIC,
OTS, NCUA, and FTC (Agencies) to
issue jointly (i) Guidelines for financial
institutions and creditors regarding
identity theft with respect to their
account holders and customers; (ii)
regulations requiring each financial
institution and creditor to establish
reasonable policies and procedures for
implementing the guidelines to identify
possible risks to account holders or
customers or to the safety and
soundness of the institution or creditor;
and (iii) regulations generally requiring
credit and debit card issuers to assess
the validity of change of address
requests under certain circumstances.
Section 315 amended section 605 of the
FCRA to require the Agencies to issue
regulations providing guidance
regarding reasonable policies and
procedures that a user of consumer
reports must employ when a user
receives a notice of address discrepancy
from a consumer reporting agency
(CRA). The information collections in
Sec. 334.90 require each financial
institution and creditor that offers or
maintains one or more covered accounts
to develop and implement a written
Identity Theft Prevention Program
(Program). In developing the Program,
financial institutions and creditors are
required to consider the guidelines in
Appendix J to Part 334 and include
those that are appropriate. The initial
Program must be approved by the board
of directors or an appropriate committee
thereof and the board, an appropriate
committee thereof or a designated
employee at the level of senior
management must be involved in the
oversight of the Program. In addition,
staff must be trained to carry out the
Program. Pursuant to Sec. 334.91, each
credit and debit card issuer is required
to establish and implement policies and
procedures to assess the validity of a
change of address request under certain
circumstances. Before issuing an
additional or replacement card, the card
issuer must notify the cardholder or use
another means to assess the validity of
the change of address. The information
collections in Sec. 41.82 require each
user of consumer reports to develop and
implement reasonable policies and
procedures designed to enable the user
to form a reasonable belief that a
consumer report relates to the consumer
about whom it requested the report
when the user receives a notice of
address discrepancy from a CRA. A user
of consumer reports must also develop
and implement reasonable policies and
procedures for furnishing an address for
the consumer that the user has
reasonably confirmed to be accurate to
the CRA from which it receives a notice
of address discrepancy when: (1) The
user can form a reasonable belief that
the consumer report relates to the
consumer about whom the user has
requested the report; (2) the user
establishes a continuing relationship
with the consumer; and (3) the user
regularly and in the ordinary course of
business furnishes information to the
CRA from which it received the notice
of address discrepancy.
Request for Comment
Comments are invited on: (a) Whether
the collection of information is
necessary for the proper performance of
the FDIC’s functions, including whether
the information has practical utility; (b)
the accuracy of the estimates of the
burden of the information collection,
including the validity of the
methodology and assumptions used; (c)
ways to enhance the quality, utility, and
clarity of the information to be
collected; and (d) ways to minimize the
burden of the information collection on
respondents, including through the use
of automated collection techniques or
other forms of information technology.
All comments will become a matter of
public record.
Dated at Washington, DC, this 20th day of
August 2012.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 2012–20810 Filed 8–23–12; 8:45 am]
BILLING CODE 6714–01–P
FEDERAL TRADE COMMISSION
Agency Information Collection
Activities; Submission for OMB
Review; Comment Request; Extension
AGENCY: Federal Trade Commission
(‘‘FTC’’ or ‘‘Commission’’).
ACTION: Notice.
SUMMARY: The FTC intends to ask the
Office of Management and Budget
(‘‘OMB’’) to extend through September
30, 2015, the current Paperwork
Reduction Act (‘‘PRA’’) clearance for the
information collection requirements in
the Health Breach Notification Rule.
That clearance expires on September 30,
2012.
DATES: Comments must be filed by
September 24, 2012.
ADDRESSES: Interested parties may file a
comment online or on paper, by
following the instructions in the
Request for Comment part of the
SUPPLEMENTARY INFORMATION section
below. Write ‘‘Health Breach
Notification Rule, PRA Comments, P–
125402’’ on your comment and file your
comment online at https://
ftcpublic.commentworks.com/ftc/
healthbreachnotificationPRA2, by
following the instructions on the web-
based form. If you prefer to file your
comment on paper, mail or deliver your
comment to the following address:
Federal Trade Commission, Office of the
Secretary, Room H–113 (Annex J), 600
Pennsylvania Avenue NW., Washington,
DC 20580.
FOR FURTHER INFORMATION CONTACT:
Amanda Koulousias, Attorney, Division
of Privacy and Identity Protection,
Bureau of Consumer Protection, Federal
Trade Commission, 600 Pennsylvania
Avenue NW., Washington, DC 20580,
(202) 326–2252.
SUPPLEMENTARY INFORMATION:
Title: Health Breach Notification Rule.
OMB Control Number: 3084–0150.
Type of Review: Extension of a
currently approved collection.
Abstract: The Health Breach
Notification Rule (‘‘Rule’’), 16 CFR Part
318, requires vendors of personal health
records and PHR related entities 1 to
provide: (1) Notice to consumers whose
unsecured personally identifiable health
information has been breached; and (2)
notice to the Commission. The Rule
only applies to electronic health records
and does not include recordkeeping
requirements. The Rule requires third
party service providers (i.e., those
companies that provide services such as
billing or data storage) to vendors of
personal health records and PHR related
entities to provide notification to such
vendors and PHR related entities
following the discovery of a breach. To
notify the FTC of a breach, the
Commission developed a form, which is
posted at www.ftc.gov/healthbreach, for
entities subject to the rule to complete
and return to the agency.
On May 29, 2012, the FTC sought
comment on the information collection
requirements associated with the Rule.
77 FR 31612. No comments were
VerDate Mar<15>2010 15:22 Aug 23, 2012 Jkt 226001 PO 00000 Frm 00025 Fmt 4703 Sfmt 4703 E:\FR\FM\24AUN1.SGM 24AUN1
erowe on DSK2VPTVN1PROD with