Wednesday, February 27, 2008

More About Your Health Privacy

California has adopted legislation (AB 1298 - signed 10/14/2007) which requires individual notification of a breach whenever a person's name plus medical information or health insurance information in unencrypted computerized form is acquired, or believed to be acquired, by an unauthorized person, regardless of whether Social Security numbers are involved.

The "Privacy Legislative Update" (www.dhcs.ca.gov/Pages/LegislativeUpdate.aspx) indicates that the intent is to prevent the growing crime of medical identity theft and to protect confidential medical information by encouraging encryption. Whenever there is a breach of computerized unencrypted data containing a person's name, California's Department of Health Care Services must determine whether data that has been lost, stolen, or transmitted to an unauthorized party would trigger a security breach notification. Such information now includes two new categories: (i) health insurance information - defined as health insurance policy or subscriber numbers, any information in an individual's application and claims history, including any appeals records; and (ii) medical information - including any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional.

If you are not in California or a state which provides similar protection, you might wish to contact your state legislators to learn "why not?"
