The Federal Department of Health and Human Services (HHS) is also ramping up their treatment of treating the need for personal information to be encrypted as part of their overall enforcement actions. The approach taken by HIPAA and the HHS would suggest that even if you operate in other states, it would be a wise move to approach your IT company to encrypt all personal information now rather than wait.
Encryption of email and other vital patient and personal information provides a higher level of protection from potential cyber breaches and ensures a higher level of security for your company.
The New Jersey encryption laws contain several particular elements that are worth mentioning because the law applies to a broad range of end user computer systems. This includes both desktops and laptops, along with mobile devices such as tablets and any form of removable media.
The personal information that is required to be encrypted include the person’s first name or initial, last name if linked with a Social Security number, state identification card or driver’s license number, their home address and applicable health information.
Fines for failing to comply with this new law are quite steep and can range from $10,000 for a first offence and up to $20,000 for subsequent offences. The law comes into effect very soon so if you’re operating in New Jersey, you better act fast.