There are no exclusions from the notice requirement, which means healthcare organizations must report a breach within 30 days – half the time required by HIPAA. The point is to radically enhance protection and security for all organizations inside the state.
The law overlaps with HIPAA requirements, as legislators added medical and health insurance identification data to the types of data protected by the law.
What’s more, if there’s “a conflict between the time period for notice to individuals, the law or regulation with the shortest time frame for notice to the individual controls,” the bill states.
With the senator’s signature, Colorado joins Florida as one of the strictest states for breach notification timelines. Florida also has a 30-day notice law, yet there’s a provision that gives organizations an additional 15 days if there’s a “decent reason for delay”.
Colorado is just one of numerous states updating data protection and security laws in the wake of the massive breaches that affected Verizon, Equifax and a long list of others.
While such standards are meant to serve the privacy interests of constituents, they increasingly require manpower that is hard to find in this challenging environment. Telegenisys helps its clients meet such requirements by providing HIPAA-certified staff in a zero-defects outsourced environment. We aim to make it easy for healthcare businesses to comply with business rules, first through awareness and then through careful implementation of standards.