With Alabama and South Dakota becoming the last two states to adopt breach notification laws, notification processes become more complicated, says privacy attorney Adam Greene in an interview.
That’s particularly the case for healthcare entities and business associates that are also liable for breach notification under HIPAA. When there’s a breach, healthcare entities and their vendors should consider prioritizing compliance with state breach notification requirements, he says.
Greene discusses a range of issues, including:
- Why all types of entities need to pay especially close attention to the intricacies of each state’s breach notification requirements;
- States that have the most stringent breach reporting requirements;
- Why Texas was previous considered as having a “de facto” national breach law, and what changes now that all 50 states have their own;
- The likelihood that Congress will pass a national breach notification law.
