States Ascendant in Standards for Data Privacy and Cybersecurity: How to Prepare

March 13, 2019 Mayuri Kumar

State governments are not waiting for the United States Congress to pass a comprehensive national set of data privacy and cybersecurity standards. Each of the 50 states now has its own breach notification laws, with nearly one-half adopting data security and/or data disposal requirements to protect consumers’ personally identifiable information (PII) from unauthorized disclosure. While most states are not taking a sectorial approach to the type of PII that must be protected, New York and South Carolina have adopted cybersecurity requirements that target industries that include health plans and insurers.

A number of state attorneys general (AGs) are bringing enforcement actions to protect consumer information from unauthorized disclosure. AGs in Massachusetts, New York, and New Jersey have been extremely aggressive, collecting millions of dollars in settlements from healthcare systems and an assortment of IT services vendors for failing to safeguard data containing sensitive personal information.

David Holtzman's comments are featured in this article.

Previous Article
CynergisTek and Protenus Join Forces as Partners to Protect Patient Privacy
CynergisTek and Protenus Join Forces as Partners to Protect Patient Privacy

Top Cybersecurity Firm and Leading Healthcare Compliance Analytics Company Establish Preferred Partnership;...

Next Article
ONC Information Blocking Rule Raises Privacy and Security Concerns
ONC Information Blocking Rule Raises Privacy and Security Concerns