Oregon law widens 'personal information' breach umbrella to include health data

As of Jan. 1, 2016, Oregon's Consumer Identity Theft Protection Act of 2007 will include mandatory notification for individuals whose personal health information is breached, following the passage of Senate Bill 601.

On that date, the definition of sensitive identifying information will expand to include the following.

• Biometrics
• Health insurance policy numbers
• Unique identifiers of any kind used by health insurers
• Medical information history
• Any information about mental or physical conditions
• Information about a healthcare professional's medical diagnosis or treatment of an individual

The law also requires the state attorney general be notified in the instance of a data breaches or breaches of personal information involving 250 or more individuals.

More articles on personal health information:

50 things to know about the EHR market's top vendors
Hey doc, do you konw where your patient is?
20 things to know about meaningful use

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months