Healthcare Information Security

State Patient Privacy Laws

Patient Privacy Protections Extended to EOB in Massachusetts

April 16, 2018 - Patient privacy protections have been extended to cover explanation of benefits (EOB) summaries sent out by health insurers, under a Massachusetts bill signed in to law by Governor Charlie Baker (R) earlier this month. Sensitive health information contained in an EOB can no longer be shared with the primary subscriber of a health plan if that person is not the patient in the state of Massachusetts....


More Articles

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect May...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better able to...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which should...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains concerns...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The Alabama...

EmblemHealth Data Breach Leads to $575K NY State Settlement

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan discovered...

Nebraska Data Breach Notification Bill Passes Unanimously

by Elizabeth Snell

Individuals or commercial entities that hold Nebraska residents’ personal information must implement and maintain reasonable security procedures, according to a recently passed data breach notification bill. The Nebraska legislature passed...

Amended Data Privacy Law Proposed in Colorado Legislature

by Elizabeth Snell

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’ personal...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a statement...

Proposed Iowa Data Breach Bill Accounts for Health Data

by Elizabeth Snell

Recently proposed updates to Iowa’s data breach bill would include medical information and health insurance information under the definition of “personal information.” Organizations would also need to provide notification within...

New York Reaches $1.15M Settlement over Aetna Data Breach

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $1.15 million settlement has been reached following the Aetna data breach that occurred in 2017. Aetna sent letters to patients in the mail back in July 2017. Information about ordering...

KS Healthcare Organization Fined over Unsecured Patient Data

by Elizabeth Snell

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell Jones...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities implement “reasonable security procedures” to protect consumers’ personal information and...

NC Data Breach Legislation Accounts for Ransomware Attacks

by Elizabeth Snell

Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals. The updated Act to Strengthen Identity Theft Protections...

2017 Updated State Data Breach Laws Account for Medical Information

by Elizabeth Snell

State data breach laws can be critical for protecting sensitive data, and healthcare organizations must ensure they adhere to them along with federal regulations. The data breach notification process is a crucial aspect to state law, and can...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to deliberately...

HIPAA Info Included in Updated MD Data Breach Notification Law

by Elizabeth Snell

Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to notify...

Proposals Made for Improved State Data Breach Laws

by Elizabeth Snell

The large-scale Equifax data breach has pushed some states into creating more stringent state data breach laws, looking to close gaps in how sensitive consumer information is protected. The Vermont House Committee on Commerce and Economic Development...

What Should Entities Expect with OCR HIPAA Enforcement?

by Elizabeth Snell

There have been nine OCR HIPAA enforcement settlements so far in 2017, highlighting the need for covered entities and business associates to focus on audit controls, risk management, and business associate agreements. While there has been a new...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks