Our colleague Mollie K. O'Brien at Epstein Becker Green wrote an advisory on a new law that will increase the protection of personal information under HIPPA by mandating encryption on all computerized data collected by health insurance carriers: "Beyond HIPAA: New Jersey Law Requires Encryption of Personal Data by Health Insurance Carriers." Following is an excerpt:
In response to data breaches that have occurred across the United States, several of which involved the theft of laptop computers, beginning August 1, 2015, health insurance carriers in New Jersey will be obligated to do more to protect patient information than simply comply with the federal Health Insurance Portability and Accountability Act ("HIPAA"). A new law, signed by Governor Chris Christie on January 9, 2015, specifically requires health insurance carriers to encrypt electronically gathered and stored personal information.
The key terms in the law are defined as follows:
- "Health insurance carriers" means "an insurance company, health service corporation, hospital service corporation, medical service corporation, or health maintenance organization authorized to issue health benefits plans in this State."
- "Personal information" means "an individual's first name or first initial and last name linked with any one or more of the following data elements: (1) Social Security number; (2) driver's license number of State identification card number; (3) address; or (4) identifiable health information."
Read the full advisory here.