Updated Rhode Island legislation hopes to cut down on medical identity theft and other issues from data breaches.

Medical identity theft is just one potential issue that recent Rhode Island legislation hopes to solve.

Set to go into effect on June 26, 2016, the new Rhode Island Identity Theft Protection Act requires businesses and organizations of all sizes to implement and maintain a risk-based information security program, along with other key provisions.

This legislation replaces the current law, and has some similarities, such as data breach notification must be given in the “most expedient time possible.” However, the new Act requires that notice be given within 45 days after confirmation of the breach.

Another important change to the law was adding medical information, health insurance information, and email addresses to what is considered “personal information.” Should any of that defined data be compromised, then Rhode Island businesses will need to act accordingly.

Click here to read the full article.

February 23, 2016 Elizabeth Snell, HealthIT Security