[ Sunday, January 25, 2015 ]
New Jersey Requires Encryption:
Jeff [4:38 PM]
Beginning August 1, Garden State insurers
and healthcare providers must now encrypt all PHI
they collect or possess. It's more restrictive than HIPAA (where encryption is not required but is an addressable standard) so it's not preempted. This will raise issues for multi-state providers and insurers.
UPDATE: the new New Jersey bill only applies to "health insurance carriers," not to providers. The blog post I linked to implied that healthcare providers were also covered. Not so.
Hat tip: Theresa Defino
Blogger: HIPAA Blog - Edit your Template