Tuesday, September 10, 2013
North Dakota updates data breach notification rules
North Dakota has updated its data breach notification rules to include medical information.
As we recently highlighted, the EU has implemented new rules concerning the reporting of data breaches by internet and telecommunications providers. SC Magazine reported that these organizations must now alert the relevant authorities of a data breach within 24 hours of the initial discovery, as well as provide a follow-up report if details were missing or unclear.
Speaking to the news source, Todd Hinnen, a partner with a privacy and security firm, indicated that while the United States does not currently have such demanding data breach reporting regulations, he was confident that additional laws are almost certainly on the horizon. If such policies are implemented, the consequences of a data breach for a given organization will grow, thereby increasing the importance of high-quality secure file transfer solutions.
Already, signs have appeared which suggest that Hinnen's prediction was accurate. As V. John Ella of Jackson Lewis recently highlighted for Lexology, North Dakota has updated its data breach notification rules to include medical information.
Healthcare breaches in North Dakota
Ella reported that the new amendment to North Dakota's data breach notification law now applies to exposed medical information and health insurance data. This new law has already taken effect.
Ella noted that while this represents a change for North Dakota-based healthcare providers, similar data breach notification laws already exist in California, Texas, Missouri and other states.
Benefits and challenges
Such laws provide greater protection for patients whose information has potentially been exposed, as these notifications allow them to take proactive steps to protect their identities.
However, they present challenges for the healthcare providers themselves. With such mandates in place, these organizations risk even more damaging reputation fallout from breaches, as well as the threat of fines and other sanctions stemming from failure to comply with the new regulations.
Obviously, organizations that may be affected by these laws need to develop reliable methods for abiding by these stipulations, in order to ensure compliance. However, it is even more important for these firms to take steps to reduce the risk of data breaches occurring in the first place.
To this end, secure file transfer tools are critical. These resources allow personnel to send and receive sensitive healthcare information without the risk of exposure, thereby adding a critical layer of data protection to the organization's operations.