|Posted:||April 29, 2021 02:03 PM|
|From:||Representative Nick Pisciottano and Rep. Natalie Mihalek|
|To:||All House members|
|Subject:||Protecting Pennsylvanians’ Personal Information|
|In the mad scramble to receive a COVID-19 vaccine, many Pennsylvanians registered with numerous providers in the hopes of getting an appointment as soon as possible. Many of our constituents left their community for their vaccination appointment and some traveled hours to other parts of the state. In many cases, they provided their personal information to ten or more providers as a prerequisite to even search appointment availability.
Ultimately, only one provider ended up vaccinating any given individual, but the individual’s personal information is currently stored with every provider that the individual attempted to secure an appointment from. This personal information includes basic data such as name and address, but could also include medical history, occupation, social security number, insurance records, and more. There is no reason for providers to retain the personal information of those people who they never end up vaccinating and do not already serve. This is unnecessary for the providers and puts individuals at greater risk of having their personal information compromised in the future. There is simply no reason why a pharmacy two hours away that did not administer the vaccine should have access to our constituents’ sensitive data into perpetuity. A data breach due to lax privacy controls exposed the personal information of over 70,000 Pennsylvanians just this week.
It is for this reason that we are introducing legislation requiring COVID-19 vaccine providers to delete the personal information of individuals who register to receive a COVID-19 vaccine from the provider, but do not receive a vaccine from the provider within six months. The language of the bill includes exemptions for medical records that any existing law or regulation require providers to maintain and narrowly applies to only information collected during the COVID-19 vaccination appointment process.
Please join us in co-sponsoring this consumer protection bill that guards the privacy of Pennsylvanians and seeks to prevent sensitive data loss in any future data breaches.
Introduced as HB1380