HIPAA Blog

[ Wednesday, January 10, 2007 ]

 

State Privacy Breach Notification Laws: I'm currently working on a response issue for a client as well as an analysis of the CMS security guidance, which touches on the same area, but since California started the trend a few years ago, many states have enacted statutes that require companies to notify individuals if the company suffers a breach of its information systems or otherwise loses personal information about the individuals. The notification laws are intended to give consumers an early chance to prevent or at least be vigilant for possible identity theft problems.

The AHLA "HIT" list (the health information technology listserv) is currently batting around several compilations of state privacy breach notification laws, and I thought it would be useful to cross-post them here:

1. The Georgetown Health Privacy Project has a list of all state laws relating to privacy of health or medical records.

2. National Conference of State Legislatures list of state laws regarding genetic information.

3. The National Association of Chain Drug Stores HIPAA preemption analysis is here, but it looks like it has lapsed.

4. National Conference of State Legislatures list of state laws regarding privacy breaches.

5. Privacy Rights Clearinghouse's list of all state laws dealing with privacy.


Hat tips: Alan Goldberg, John Christiansen, and Jackie Chapman-Pointer

Jeff [10:58 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template