Privacy & Security

Iowa legislature proposes requiring orgs to report breaches within 45 days

The proposed bill is just the latest from state governments pushing for tighter breach reporting requirements in the wake of major breaches like Equifax, Target and Verizon.
By Jessica Davis
January 29, 2018
03:05 PM

Iowa has joined the growing number of state governments to tighten up data security laws by proposing an update to its breach notification act, which includes a requirement for organizations to report data breaches within 45 days.

Although Iowa previously required organizations to report breaches “without reasonable delay,” the proposal specifies the timeline. The timeframe is about two weeks shorter than HIPAA breach reporting requirements, which is within 60 days.

[Also: North Carolina proposes law requiring data breaches to be reported in 15 days]

Proposed in a judiciary hearing last week, House Study Bill 526 would also add new categories to reporting requirements, including medical records. These requirements apply to personal data in any form – not just computerized data – and expand the definition of personal information.

Further, the proposed bill would require organizations to increase encryption of data to 128-bit if they want to be exempted from the breach reporting requirements.

The proposed bill comes on the heels of the Equifax breach announcement in 2017, which impacted 1.1 million Iowans. Iowa opened an investigation into Equifax after the announcement, which includes a multistate investigation by a group of bipartisan attorneys general.

[Also: Proposed Senate bill would fine, jail execs who conceal data breaches]

The state is the most recent to propose changes to its breach reporting requirements in light of the data breaches of Equifax, Verizon, Uber, Target and others.

In January, North Carolina proposed shortening its reporting requirements to just 15 days. A U.S. Senate bill proposed in December would fine and jail executives who conceal data breaches.

And just last week, a South Dakota Senate panel approved data breach legislation that would require all breaches of more than 250 people to be reported to the state within 60 days unless the company could prove consumers couldn’t be harmed as a result.

As the number and impact of breaches continue to expand, it’s likely states will continue to crack down on reporting requirements in an effort to protect consumers.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topics: 
Privacy & Security

More regional news

Clinician in scrubs at a hospital computer

CommonSpirit partners up with U of U for clinical collaboration

By
Andrea Fox
November 22, 2024
Stethoscope on an iPad

HIMSSCast: Care provider or tool? When and why patients like AI

By
Andrea Fox
November 22, 2024

EHR tips on migrating an all-digital hospital to Epic

By
Bill Siwicki
November 22, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM
Sens. Warner & Wyden seek healthcare cybersecurity mandates in new bill

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive

More Stories

Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards