Healthcare Information Security

State Patient Privacy Laws

Va. Data Breach Legislation Update Accounts for Payroll Data

April 19, 2017 - Virginia recently updated its data breach legislation to require notification should payroll data become compromised. The amended statute applies to employers or payroll service providers who experience unauthorized access and acquisition of personal information. This includes unencrypted and unredacted computerized data containing a taxpayer identification number in combination with income...

More Articles

Va. Data Breach Legislation Update Accounts for Payroll Data

by Elizabeth Snell

Virginia recently updated its data breach legislation to require notification should payroll data become compromised. The amended statute applies to employers or payroll service providers who experience unauthorized access and acquisition of...

Do Healthcare Data Breach Lawsuits Have Reasonable Standards?

by Elizabeth Snell

Being able to prove fault in a healthcare data breach class action lawsuit is inherently difficult, but it is also important to understand the privacy expectations, according to a recent Corporate Clients Insight blog post. Data breach cases...

TN Updates Data Breach Notification Law for Encrypted Data

by Elizabeth Snell

Any person or business that conducts business in Tennessee is only required give data breach notification if the information acquired was unencrypted, according to a recently passed amendment. Amended Senate Bill 547 states that encrypted data...

N.M. Senate Committee Passes Data Breach Notification Bill

by Elizabeth Snell

A New Mexico data breach notification bill was recently passed by a state Senate Committee, and will move onto the Senate Judiciary Committee, according to the Los Alamos Daily Post.   Rep. Bill Rehm introduced House Bill 15, and explained...

Recent Cybersecurity Bill Focuses on State, Local Preparation

by Elizabeth Snell

A reintroduced cybersecurity bill hopes to help state and local governments fight against the increasing number of cybersecurity threats. The State and Local Cyber Protection Act will require more coordination with the Department of...

Mass. Launches Online Data Breach Notification Archive

by Elizabeth Snell

As part of the recently updated Massachusetts Public Records Law, the state’s Office of Consumer Affairs and Business Regulation made its online Data Breach Notification Archive available to the public. Governor Charlie Baker signed the...

NGA Publishes State Road Map for Secure Health Data Exchange

by Elizabeth Snell

Under an agreement with the Office of the National Coordinator (ONC), the National Governors Association (NGA) released guidance with potential steps that could improve the flow of electronic health information within, and among states. Ensuring...

Are More State Data Breach Notification Laws Recognizing PHI?

by Elizabeth Snell

Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary. Covered entities and business associates must ensure...

IL Data Breach Notification Law to Include Healthcare Data

by Jacqueline Belliveau

Last month, Illinois Governor Bruce Rauner signed several amendments to a data breach notification law that would impact healthcare data security regulations starting in 2017. Under the revised Personal Information Privacy Act, protected personal...

Proposed NY Data Breach Legislation Accounts for PHI Security

by Elizabeth Snell

Pending data breach legislation in New York could potentially affect the future of PHI security, as the proposed bill would include individuals’ medical information under its definition of personal information. If the bill passes, unsecured...

Neb. Data Breach Notification Law Clarifies Encryption Aspect

by Elizabeth Snell

Nebraska Governor Pete Ricketts signed an amended version of the state’s data breach notification law last month, which further clarifies the data encryption exemption and expands the definition of personal information. LB835 made changes...

PA Court Rejects Healthcare Data Breach Class Action Lawsuit

by Elizabeth Snell

The Pennsylvania Superior Court recently dismissed claims in a healthcare data breach class action lawsuit, explaining that the trial court needs to review the plaintiff’s claim under the Uniform Trade Practices and Consumer Protection...

Calif. Senate Committee Passess Ransomware Legislation

by Elizabeth Snell

The California Senate Public Safety Committee passed ransomware legislation earlier this month that outlaws the online act and specifies how the crime should be prosecuted. Written by Senator Robert Hertzberg and co-sponsored by Los Angeles County...

Are State Health Data Breach Notification Laws Needed?

by Elizabeth Snell

State healthcare data breach notification laws are not always thought of first in covered entities’ approaches to their data security plans, as HIPAA regulations are likely top concerns. However, organizations will also be held to state...

Medical Identity Theft Discussed in New RI Legislation

by Elizabeth Snell

Medical identity theft is just one potential issue that recent Rhode Island legislation hopes to solve. Set to go into effect on June 26, 2016, the new Rhode Island Identity Theft Protection Act requires businesses and organizations of all sizes...

Oregon Data Breach Notification Law Goes Into Effect

by Elizabeth Snell

A new Oregon data breach notification law went into effect on January 1, and requires businesses and government agencies to notify the state attorney general of a data breach affecting more than 250 state residents. The Oregon Consumer Identity...

State HIPAA Settlement Reached in URMC Data Breach Case

by Elizabeth Snell

New York Attorney General Eric T. Schneiderman reached a HIPAA settlement with the University of Rochester Medical Center (URMC), following a healthcare data breach from last spring that compromised approximately 3,400 patients’ PHI. As...

Key Reminders For Strong HIE Security

by Elizabeth Snell

With more healthcare providers looking to connect to HIEs and achieve interoperability, HIE security issues need to be considered as part of a larger health data security plan. The Office of the National Coordinator for Health Information Technology...

Illinois Governor Vetoes Data Breach Notification Bill

by Elizabeth Snell

Illinois Governor Bruce Rauner issued an amendatory veto on a data breach notification bill that would have extended the type of information to be protected to include medical, health insurance, biometric, consumer marketing, and geolocation...

How Will NJ Bill Affect Patient PHI Access?

by Elizabeth Snell

Patient PHI access is one of several rights granted to individuals through the HIPAA Privacy Rule. Essentially, individuals have the right to review and request to receive a copy of their medical records. There can be certain circumstances where...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks