Earlier this week, the Mintz Levin privacy team  updated the “Mintz Matrix,” a summary of the U.S. state data breach notification laws, with updates from New Mexico, Tennessee, and Virginia.  As the privacy team reports, with New Mexico enacting a data breach notification law, only Alabama and South Dakota remain the only states without data breach notification laws.  Their full blog post on the updates is available here.

In addition to complying with HIPAA, health care organizations must remain aware of the separate state notification obligations and other privacy and security laws when responding to data breaches.  These states laws are often broader than HIPAA and apply may apply to personally identifiable information that is not protected health information.

Our quick disclaimer: The Mintz Matrix is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.

As reported on the Privacy and Security Matters blog last week, the Mintz Levin privacy team recently updated the “Mintz Matrix,” a summary of the U.S. state data breach notification laws that we update on a quarterly basis, or more frequently as needed.  In addition to HIPAA, health care organizations must remain aware of the separate state notification obligations and other privacy and security laws when responding to data breaches. The Mintz Matrix is available here.

Continue Reading Mintz Matrix Updated with Amended State Data Breach Notification Laws in Five States

Although National Cyber Security Month isn’t until October, September has brought plenty of privacy and security updates that health care companies need to be aware of.  In this post, we review guidance from the Office for Civil Rights (OCR) on cyberattacks, describe new state breach notification laws, and highlight the upcoming NIST/OCR security conference. Continue Reading September Privacy and Security Updates

My colleagues in the Privacy and Security Group recently updated the Mintz Matrix, a summary of U.S. state data breach notification laws. While we often discuss HIPAA on Health Law and Policy Matters, health care organizations must be aware of separate state notification requirements and other privacy and security laws that may apply in the event of a data breach. We update the Mintz Matrix on a quarterly basis, or more frequently if necessary.

The updated Mintz Matrix is available here. The Privacy and Security Matters Blog recapped the main updates, including Tennessee’s amendments to its breach notification requirements, which impose a stricter time frame for notification and remove the safe harbor for encrypted data.

We hope this chart is helpful to you, but we must note that it is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.

As reported in a recent Privacy and Security Matters post, we have updated the “Mintz Matrix,” a summary of the U.S. state data breach notification laws. The Mintz Matrix is an invaluable tool for reviewing state breach notification requirements, which may apply in addition to HIPAA in the event of a data breach. We update the Mintz Matrix on a quarterly basis, or more frequently if necessary. Continue Reading New Year, New Breach Notification Laws

As reported in a Privacy and Security Matters post last week, we maintain a summary of the U.S. state data breach notification laws, which we refer to as the “Mintz Matrix.”   We update the Mintz Matrix on a quarterly basis, or more frequently if necessary.  The Mintz Matrix is available here.  This update includes new information about Kentucky and Iowa laws.

We hope this chart is helpful to you, but we must note that it is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.