Calif. amends its data notification law
Calif. Gov. Jerry Brown has signed a breach notification amendment into law that clarifies the definition of encrypted data, standardizes breach notification language and expands the definition of personal information.
The law includes the following three bills, according to an article published by HealthITSecurity.com:
- Assembly Bill 964 defines properly encrypted data as "rendered unusable, unreadable or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security."
- Assembly Bill 570 says notifications must be titled "Notice of Data Breach," and must include subheadings covering everything from what happened and what information was compromised to what the patients and organization can do in the wake of the breach.
- Assembly Bill 34 says personal information now includes data captured by automated license plate recognition systems.
In July, UCLA Health's computer network was hacked, which may have compromised the personal and medical information of up to 4.5 million people.
A breach report from the California attorney general's office found that 70 percent of breaches involving the state's healthcare industry were due to unencrypted data on lost or stolen hardware or portable media in 2014. Strong encryption would fix much of the problem, the report said.