USA - Illinois
Statutory exemptions Entities subject to the privacy and security standards outlined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Health Information Technology for Economic and Clinical Health Act (“HITECH”) will be in compliance with PIPA’s breach notification requirements if they provide a copy of any breach notice sent to Health and Human Services to the Illinois Attorney General within five days. Territorial and extra-territorial application PIPA, applies to any data collector that owns or licenses computerized personal information concerning an Illinois resident, regardless of the location of the data collector.
Of note, personal information does not include publicly available information that is lawfully made available to the general public from government records.
Legislative Framework Key Stakeholders Data Collector
Definition of different categories of personal data PIPA further defines “health insurance information” to include: an individual’s health insurance policy number, subscriber identification number, unique identifier used to identify an individual, medical information in a health insurance application, and claims history. “Medical information” means any information regarding an individual’s medical history, mental or physical condition, or treatment or diagnosis by a healthcare professional.
“Data Collector” refers to, but is not limited to, government agencies, public and private universities, privately and publicly held corporations, financial institutions, retail operators, and any other entity that, for any reason, handles, collects, disseminates, or otherwise deals with nonpublic personal information.
https://www.mcdonaldhopkins.com/
Made with FlippingBook - PDF hosting