BreachExchange mailing list archives
Maryland insurers must follow new data breach rules: 4 things to know
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 26 Sep 2019 09:52:31 -0500
https://www.beckershospitalreview.com/cybersecurity/maryland-insurers-must-follow-new-data-breach-rules-4-things-to-know.html As of Oct. 1, health insurance providers in Maryland must notify the Maryland Insurance Administration if patient information is exposed in a cybersecurity incident, according to the HIPAA Journal. Here are four things to know: 1. The requirements apply to health plans, health insurers, health maintenance organizations, managed care organizations, managed general agents and third-party insurance administrators. 2. If data elements are not encrypted, redacted or otherwise unreadable, insurance providers must alert the MIA of a breach when a patient’s first name or first initial and last name is affected along with one or more of the following: Social Security number, taxpayer identification number, passport number, driver's license number, health insurance number or credit card number. 3. The Maryland Insurance Administration's compliance and enforcement division must also be alerted if the organization believes patient information has been or is likely to be misused. 4. Along with sending a notification of the breach to members, health insurance providers must send a copy of the letter to the Maryland Insurance Administration. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Maryland insurers must follow new data breach rules: 4 things to know Destry Winant (Sep 26)