Healthcare Compliance Training and Certification

HIPAA News

Colorado Governor Signs Data Protection Bill into Law

by | Jun 5, 2018

In Colorado bill HB 1128 has been signed into law by Governor John Hickenlooper. This bill enhances security for consumer data in the state of Colorado. The bipartisan bill, sponsored by Reps. Cole Wist (R) and Jeff Bridges (D) and Sens. Kent Lambert (R) and Lois Court (D), was unanimously passed by the Colorado State Legislature. The bill will take become enforceable on September 1, 2018.

From that date organizations conducting business the state of Colorado must adapt reasonable security measures and practices to ensure the personal identifying information (PII) of state residents is secured. The bill also minimizes the time for making the state attorney general aware of  breaches of PII and sets in places new rules for disposing of PII when it is no longer needed.

Personal information is classified as first name and last name or first initial and last name along with any of the following data elements (when not encrypted, redacted, or safeguarded by another means that renders the information unreadable):

  • Social Security details
  • Student Identification number
  • Military ID information
  • Passport credentials
  • Driver’s license number or ID card
  • Medical info and history
  • Health insurance policy number
  • Biometric data
  • Email addresses along with passwords or security Q&As
  • Banking account numbers, and credit cards and debit cards with associated security codes that would grant access/use

Covered organizations must implement and maintain “Reasonable security procedures and practices that are appropriate to the nature of the personal identifying information and the nature and size of the business and its operations.” Those tactics should protect PII from unauthorized access, amendment, disclosure, and destruction. In cases where PII is shared to a third party, the covered body must ensure the third party also has reasonable security measures established.

A written policy must be developed by all firms that manage the personal data of Colorado citizens covering the disposal of that information when it is no longer needed. Electronic data and physical documents listing PII must be disposed of securely. The bill implies that  “shredding, erasing, or otherwise modifying the personal identifying information in the paper or electronic documents to make the personal identifying information unreadable or indecipherable through any means.”

 

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy