Maryland amends, expands data breach law

Maryland has broadened its definition of personal information under its Personal Information Protection Act, reports Lexology.

Current law considers breaches affecting Social Security number, driver's license number, financial account number or taxpayer identification number, in conjunction with first and last name, as compromised personal information. The amended act — House Bill 974, which goes into effect Jan. 1 — will include the following in its definition of personal information:

1. Passport numbers and other identification numbers issued by the federal government

2. State identification card numbers

3. Health information created by a HIPAA-covered entity including medical history, condition, treatment or diagnosis

4. Health insurance policy information

5. Biometric data

6. A username or email address in combination with a password or security question and answer

The law creates a 45-day timeframe for breach notification to the state's attorney general. The amended act will also redefine breach to mean only unauthorized acquisitions of personal information, whereas the current law indicates breaches include unauthorized acquisition or access of personal information.


Copyright © 2024 Becker's Healthcare. All Rights Reserved.