All 50 states now have their own data breach law. South Dakota and Alabama are the final two states to enact data breach notification laws. Other states, such as North Carolina, are proposing to update their requirements so that only 15 days are allowed to notify in the event of a data breach.
Although medical practices must adhere to the federal HIPAA guidelines, if your state law is more stringent, state law will supersede the federal notification requirements. You may also be required to notify your state officials or the credit reporting agencies. Know your state law!
Lastly, know where your patients or customers are located. Even if you are in a different state, if you hold their data you must follow THEIR state privacy law. If you have any international patients or customers, be sure to understand how the GDPR will affect your organization. Then update the privacy policy within your office accordingly.
The link below lists each state and its statutes. Only a couple of the states have live links; for more information you will need to copy and paste the statute name into Google.
http://www.ncsl.org/research/telecommunications-and-information-technology/2018-security-breach-legislation.aspx
To find out more about how our automated HIPAA compliance platform can help your organization click here:
https://arismedicalsolutions.com/aris-hipaa-service-automated-platform/
Or, to schedule a demo, click the Contact Us tab and scroll down.
“Simplifying HIPAA through Automation, Education, and Support”