
Several States in Process of Updating their Healthcare Data Breach Notification Laws

Shared by Radhika Narayanan | about 3 years ago

Federal Health Insurance Portability and Accountability Act (HIPAA) requirements remain a top concern of covered entities that are grappling with breach notification issues, but several states are in the process of updating their data breach laws. Tennessee and Oregon are two states that recently enacted updates to ensure that their residents have greater protections. As cybersecurity threats and healthcare data breaches increase, more state officials are looking at their legislative and regulatory options.

Recent research suggests that less than half of states include healthcare data or medical information in their data breach notification standards. The HIPAA breach notification rule requires that covered entities and their business associates provide notification following a breach of unsecured protected healthcare information (PHI). Healthcare organizations are required under HIPAA to notify patients, the Department of Health and Human Services (HHS) and potentially the media.

Tennessee recently enacted a change to its data breach notification laws. The new law removes the word “unencrypted” from the description of the type of compromised information that would necessitate notification. In addition, the state now requires that disclosure of a breach be made immediately, and no later than 14 days following the discovery of the breach. The amended law will become effective July 1, 2016, and will apply to data breaches that occur after that date.

Read More On www.himss.org
