Here are four things to know:
1. The requirements apply to health plans, health insurers, health maintenance organizations, managed care organizations, managed general agents and third-party insurance administrators.
2. If data elements are not encrypted, redacted or otherwise unreadable, insurance providers must alert the MIA of a breach when a patient’s first name or first initial and last name is affected along with one or more of the following: Social Security number, taxpayer identification number, passport number, driver’s license number, health insurance number or credit card number.
3. The Maryland Insurance Administration’s compliance and enforcement division must also be alerted if the organization believes patient information has been or is likely to be misused.
4. Along with sending a notification of the breach to members, health insurance providers must send a copy of the letter to the Maryland Insurance Administration.
More articles on cybersecurity:
58% of CISOs say weathering a breach makes them more attractive to potential employers: report
Hacking, IT incidents caused most August data breaches
Wyoming health system halts patient admissions after ransomware attack
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
