NJ Just Set the Standard for Health Data Protection Laws


Mollie K. O’Brien, a Member of the Firm in the Health Care and Life Sciences practice, in the firm’s Newark office, authored an article in Law360, titled “NJ Just Set the Standard for Health Data Protection Laws.” (Read the full version — subscription required.)

Following is an excerpt:

Beginning Aug. 1, 2015, health insurance carriers in New Jersey will be obligated to do more to protect patient information than simply comply with the Health Insurance Portability and Accountability Act. A new law, signed by New Jersey Gov. Chris Christie on Jan. 9, 2015, specifically requires health insurance carriers to encrypt electronically gathered and stored personal information.

That this higher standard has evolved should come as no surprise. In April 2014, Reuters reported that the Federal Bureau of Investigation was disseminating letters to health care providers and institutions nationwide, advising that the industry lagged behind in cybersecurity. Underscoring the health care industry’s vulnerability compared to other industries, the FBI’s letter reportedly said, “The health care industry is not as resilient to cyberintrusions compared to the financial and retail sectors, therefore the possibility of increased cyberintrusions is likely.”