Oregon law widens ‘personal information’ breach umbrella to include health data

As of Jan. 1, 2016, Oregon’s Consumer Identity Theft Protection Act of 2007 will include mandatory notification for individuals whose personal health information is breached, following the passage of Senate Bill 601.

Advertisement
By: Staff

On that date, the definition of sensitive identifying information will expand to include the following.

• Biometrics
• Health insurance policy numbers
• Unique identifiers of any kind used by health insurers
• Medical information history
• Any information about mental or physical conditions
• Information about a healthcare professional’s medical diagnosis or treatment of an individual

The law also requires the state attorney general be notified in the instance of a data breaches or breaches of personal information involving 250 or more individuals.

More articles on personal health information:

50 things to know about the EHR market’s top vendors
Hey doc, do you konw where your patient is?
20 things to know about meaningful use

How hospitals are making resident well-being core to GME

Recommended Live Webinar on Feb 5, 2026 11:00 AM - 12:00 PM CST

Advertisement

Next Up in Health IT

Advertisement

Comments are closed.