Mark Mattioli Examines PA's New Health Data Compliance Requirements for Lawyers for Law360
In the July 10, 2023 article, "New Health Data Compliance Considerations For Pa. Lawyers," for Law360, Mark L. Mattioli examines recent amendments to Pennsylvania's data breach law, the Breach of Personal Information Notification Act, which took effect on May 3, 2023.
Mr. Mattioli notes that the amendments, relating to encrypted data and notice of vendor and partner company data breaches, are significant and include information not currently covered by the federal Health Information Portability and Accountability Act of 199 (HIPAA).
In discussing the impact of the amendments on lawyers practicing in Pennsylvania, Mr. Mattioli notes:
"The changes to the Act provide that any entity that stores 'computerized' personal information must notify any resident of the state of a breach. The amendments are significant in that they require an entity to provide notice if 'encrypted' information is accessed in any unencrypted form. Furthermore, the Pennsylvania law now requires that 'vendors' report any breaches to the entity responsible for the information."