Data breaches prompt NJ bill requiring health insurers to encrypt health data on all computers

Andrew Kitchenman reports:

The proliferation of personal health data – and the possibility that it could fall into the wrong hands – has spurred growing concern among consumers.

And those concerns have prompted New Jersey legislators to propose requiring health insurers to encrypt personal health data on all of their computers.

The bill, A-3322/S-562, comes nearly a year after two laptops with unencrypted information were stolen from Horizon Blue Cross Blue Shield of New Jersey’s Newark headquarters.

[…]

Insurance industry advocates have said that having each state set separate encryption rules would be costly. However, the New Jersey Association of Health Plans didn’t take a position on the proposed bill and Association President Wardell Sanders said that an amendment to the bill last spring appropriately limited the bill’s scope. That change clarified that the bill applies to end-user computer systems and information transmitted across public networks.

Read more on NJ Spotlight.

About the author: Dissent