Posted: | April 23, 2015 04:16 PM |
---|---|
From: | Senator Charles T. McIlhinney, Jr. |
To: | All Senate members |
Subject: | Memo #14 - Health Insurer Encryption Requirements |

In the near future, I plan to introduce legislation that would require health insurance carriers authorized to issue health benefit plans in Pennsylvania to encrypt personal information.

Recently, cyber attackers executed an attack on Anthem Blue Cross Blue Shield’s IT systems and obtained personal information on up to 80 million Americans relating to current consumers and employees and those who have received coverage in the past. The information accessed included names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data. The company admitted that their files were not encrypted.

The Health Insurance Portability and Accountability Act (HIPAA) requires health insurance carriers to employ measures that protect personal information but does not establish a baseline means of protection. HIPAA regulations encourage encryption, but do not require it. My legislation would apply to personal information maintained in end-user computer systems and computerized records transmitted across public networks.

I encourage you to join with me in cosponsoring this important legislation to further address concerns about privacy and cybersecurity issues for our constituents.

Introduced as SB1020