Oregon law widens 'personal information' breach umbrella to include health data

Staff -

As of Jan. 1, 2016, Oregon's Consumer Identity Theft Protection Act of 2007 will include mandatory notification for individuals whose personal health information is breached, following the passage of Senate Bill 601.

On that date, the definition of sensitive identifying information will expand to include the following.

• Biometrics
• Health insurance policy numbers
• Unique identifiers of any kind used by health insurers
• Medical information history
• Any information about mental or physical conditions
• Information about a healthcare professional's medical diagnosis or treatment of an individual

The law also requires the state attorney general be notified in the instance of a data breaches or breaches of personal information involving 250 or more individuals.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.