Privacy Laws Move from Notification to Fines
Jan 16, 2009
New Exposures
In 2008, privacy breaches increased 47%. Healthcare firms produced 14.8% of them.[i] As a result, state and local governments are taking off the gloves. Healthcare providers will face new exposures to loss in 2009, as a result of state-enacted privacy-protection laws for healthcare. California and several other states have recently enacted laws that impose substantial administrative penalties and fines for privacy violations. At the same time, Health and Human Services has announced new enforcement initiatives around HIPAA and has fined its first hospital.
California Laws
Before
California led the nation in privacy notification laws with SB1386. This law is now part of the civil code (1798.29, 1798.82, and 1798.84). The definition of private data was subsequently amended to include medical information or health-insurance information. In addition, the code was also amended to require information-security safeguards (798.81.5) by both firms and their vendors. Although these laws do not impose fines, they do require that firms publicly notify a class of victims that they have a cause of action under a privacy tort.... read full article here.
[i] The Identity Theft Resource Center's 2008 breach report reached 656 reported breaches at the end of 2008. The number for 2007 was 446. Healthcare breaches totaled 97.
