Beyond HIPAA: The New York law elevating your data security

On Behalf of | Jan 24, 2026 | Health & Health Care Law |

Running a health care facility requires careful attention to protecting your patients' sensitive information. Complying with the federal Health Insurance Portability and Accountability Act (HIPAA) is the first step, but not the last.

In New York, you must also ensure that your health care establishment complies with the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. Understanding what the act requires can help you improve your data security practices.

Defining the SHIELD Act

The SHIELD Act requires businesses to implement reasonable safeguards to protect the privacy of New York residents' sensitive information. These can include, but are not limited to, the following security measures:

  • Conducting internal and external audits to identify potential risks
  • Improving access control on hardware and software
  • Implementing proper disposal methods
  • Creating a contingency plan in case a breach occurs

This statute concerns health care laboratories and pharmacies, especially if you handle private information of patients in the state. While HIPAA revolves around securing protected health information, the SHIELD Act has broader coverage, encompassing a patient's Social Security number and biometrics.

Responding to a SHIELD data breach

A breach occurs when an unauthorized individual gains access to your facility's data. Such access can compromise the integrity and confidentiality of your patients' private information. When a breach happens, you must immediately notify certain parties as stated in the law. Failure to do so can lead to hefty penalties and reputational damage.

Reporting a breach can be a complex process that involves legal paperwork and tight deadlines. Given that complexity, consider seeking counsel for guidance on navigating state and federal laws. Attorney John Rivas is responsible for this communication.