This has pretty much been policy by many, but now it is the law... BD
California residents must now be notified when their electronic medical information or health insurance information has been exposed.
AB1298, which took effect Tuesday, expands California's data-breach notification law to include unencrypted medical histories, information on mental or physical conditions, and medical treatments and diagnoses. Also covered under the law are unencrypted insurance policy or subscriber numbers, any applications for insurance, claims histories and appeals.
"I think a lot of organizations will end up being surprised by this law," Dixon said.
The law also prevents any company that holds electronic personal health records from disclosing that information without consent.