Dive Brief:
- Healthcare organizations need to comply not only with federal data security laws but also with state laws, and state regulations are currently trending tighter.
- Given the number of high-profile data security failures in New York, the state is among those giving the issue more scrutiny. A law being proposed there would include a safe harbor rule for organizations that take recommended steps to implement certain data security safeguards that would minimize their risk of a breach.
- Other states looking at such legislation include Oregon and Indiana.
Dive Insight:
New York's move comes after a report found healthcare organizations to be the state's biggest offenders for data breaches, with healthcare data breaches compromising the largest number of records of New Yorkers since 2006.
"With some of the largest-ever data breaches occurring in just the last year, it's long past time we updated our data security laws and expanded protections for consumers," says NY Attorney General Eric T. Schneiderman. "We must also remind ourselves that companies can be victims, and that those who take responsible steps to safeguard customer data deserve recognition and protection."
Healthcare data security is an ever-growing concern as high-profile breaches put the data of consumers, employees and vendors at risk and shake their trust, which is costly for providers to lose. The challenges will only grow, and organizations should take advantage of any opportunities to meet safe harbor rules and to meet consumers' expectations.