Stay Up-To-Date on State Data Breach Laws

click here to learn more...
The Health Insurance Portability and Accountability Act (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, continues to establish federal requirements that protect the privacy and security of individually identifiable health information or “PHI” that is created or received and maintained by HIPAA covered entities and their business associates. 

At the state level, laws have been similarly adopted to protect the privacy and security certain personal information, including but not limited to social security and other government issued numbers, that may be created or received and maintained by health care providers and other persons or entities in the normal course of business.  Specifically, Indiana’s laws can be found here, Illinois’ laws can be found here, and Minnesota’s laws can be found here and here.
As a sign of the times, Florida recently amended its state laws to expand its definition of  personal information and to reduce the time period within which breach notification obligations must be completed in the event of an unauthorized access to any such personal information.  To view a copy of the amended Florida state law, go here. Given the increasing number of data breach events across the country, we fully expect other states to follow Florida’s lead in amending their state laws accordingly. 
If you are a HIPAA covered entity or business associate and your PHI includes any personal information that is protected by applicable state laws, please contact Susan Ziel at if you need assistance updating your PHI privacy and security policies and procedures, including incorporating these various state requirements.