Starting January 1, 2016, California businesses will be required to implement changes to their data breach notification procedures. New state legislation, Senate Bill 570, sets forth specific standards in formatting in language used in data breach notices provided to affected individuals.
Prior to 2016, California businesses were required to disclose a breach of the security of protected health information (PHI) in plain language. The new law essentially requires a template notice entitled “Notice of Data Breach” with content provided under the following headings:
- What Happened
- What Information Was Involved
- What We Are Doing
- What You Can Do
- For More Information
Additionally, the text of the required notice shall be no smaller that 10-point type. The notice must be conspicuously posted on the entity’s website, if it maintains one, for a minimum of 30 days.
In addition to SB 570, the California Legislature also passed Assembly Bill 964, which provides guidance on when data is considered to be encrypted. AB 964 states that data are properly encrypted if the information has been “rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security”.
Implementing and maintaining effective security safeguards, followed by employee training, are critical to minimizing liability. The U.S. Department of Health and Human Services (HHS) reported in December that the University of Washington has agreed to pay a $750,000 settlement following a breach report that 90,000 patients had their personal information accessed. The breach occurred when an employee downloaded an email attachment containing malicious malware. Another common source of PHI breaches is stolen, non-encrypted laptops.
Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered dental continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.