Maryland insurers must follow new data breach rules: 4 things to know

As of Oct. 1, health insurance providers in Maryland must notify the Maryland Insurance Administration if patient information is exposed in a cybersecurity incident, according to the HIPAA Journal.

Here are four things to know:

1. The requirements apply to health plans, health insurers, health maintenance organizations, managed care organizations, managed general agents and third-party insurance administrators.

2. If data elements are not encrypted, redacted or otherwise unreadable, insurance providers must alert the MIA of a breach when a patient’s first name or first initial and last name is affected along with one or more of the following: Social Security number, taxpayer identification number, passport number, driver's license number, health insurance number or credit card number.

3. The Maryland Insurance Administration's compliance and enforcement division must also be alerted if the organization believes patient information has been or is likely to be misused.

4. Along with sending a notification of the breach to members, health insurance providers must send a copy of the letter to the Maryland Insurance Administration.

More articles on cybersecurity:
58% of CISOs say weathering a breach makes them more attractive to potential employers: report
Hacking, IT incidents caused most August data breaches
Wyoming health system halts patient admissions after ransomware attack

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Content

Featured Webinars

Featured Whitepapers