The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) plans to issue an advance notice of proposed rulemaking this November on potentially sharing HIPAA breach settlements with victims.
HITECH
Anthem breach poses significant cybersecurity risks for Anthem’s customers; may trigger legal obligations
Organizations whose employees are insured by Anthem or whose self-insured health plans are administered by Anthem should consider steps to mitigate the cybersecurity and legal risk arising from the breach recently reported by Anthem.
The hackers who perpetrated the Anthem…
Encryption of patient personal information to be the law of the land in New Jersey
Following a number of reports of theft and misplacement of computer disks, laptops, and thumb drives containing unencrypted patient information from New Jersey medical centers, the New Jersey state legislature enacted a law on January 9, 2015, which prohibits health insurance carriers from electronically compiling and maintaining certain patient information unless that information has been encrypted.
The law, New Jersey S562 (“S562”), which will become effective on August 1, 2015, supplements the New Jersey Division of Consumer Affairs Consumer Fraud Act. It was passed in response to an epidemic of breaches at New Jersey hospitals that resulted in the compromise of thousands of patients’ records that were stored on unencrypted computers and computer equipment. The records included patients’ names, addresses, dates of birth, Social Security numbers and medical information.
By mandating that health care insurers encrypt sensitive patient data, New Jersey seeks to ensure that patients’ personal information is no longer subjected to potential disclosure to unauthorized persons. Sponsors of the legislation argued that it sends a clear message to the public that the government is committed to enforcing the state’s consumer protection laws against health care insurers that have access to patients’ private information.
The key requirements of S562, as well as our recommendations, are summarized below.