Back to News

Pennsylvania’s Amendments to Data Breach Law Now Extend to Senior Living Entities

Published on

December 29, 2022

In May 2023, Pennsylvania’s recent amendments to the state’s Breach of Personal Information Notification Act (“the Act”) will become law. The amendments expand the protected categories of “personal information” to include “medical information.” The Act now applies to any entity that stores electronic data that includes medical information, even to senior living entities that are not “health care providers.”

The Act defines “medical information” as “any individually identifiable information contained in the individual’s current or historical record of medical history, medical treatment or diagnosis created by a healthcare professional.”

However, the Act is not limited to health care providers but potentially applies to senior living entities (assisted living facilities, personal care homes, home care agencies, etc.) that generally are not subject to the federal Health Insurance Portability and Accountability Act (HIPAA) and its patient notification requirements following a breach.  

Pennsylvania’s notification requirements are triggered when there is a breach in the security of a computerized data system involving “any resident of this Commonwealth whose unencrypted personal information was or is reasonably believed to have been accessed by an unauthorized person.”

Once there is a breach of personal information, including medical information, the entity is required to provide notice to the individuals whose information has been compromised. However, the Act exempts any entity that already is subject to, and complies with, the federal HIPAA breach notification requirements.

While many senior living entities generally follow HIPAA guidelines as best practices – even if they technically do not qualify as “covered entities” – some may be unaware of the new Pennsylvania requirements. These organizations should familiarize themselves with the new legal requirements and begin preparing by assessing the risks to any electronic medical data that they maintain; implementing and enhancing data security measures; and adding cyber-liability insurance coverage if needed.

If you have any questions about the amendments to Pennsylvania’s Breach of Personal Information Notification Act, please contact Christopher J. Churchill or any member of Barley Snyder’s Senior Living or Health Care Industry groups or the Cybersecurity team.

Related News

View More News
News Alert
March 7, 2023

CMS Proposes Sweeping Disclosure Requirements for Nursing Facilities

The Centers for Medicare & Medicaid Services (“CMS”) published a pr...

Learn More
February 28, 2023

Barley Snyder 2022 Year In Review

Check out what the professionals of Barley Snyder have been up to in 2022 a...

Learn More
Press Release
February 13, 2023

Barley Snyder Attorneys elected to Lancaster Bar Association Posts

For Immediate Release Lancaster, Pa. – Two Barley Snyder attorneys have b...

Learn More

Other Upcoming Events

View All Upcoming Events
7:30 am
10:45 am

Wake Up With Barley – A Morning on Real Estate 2023

Learn More

Get in Touch

Our attorneys, paralegals and staff look forward to hearing from you. Please reach out to let us know how we can help.

Get In Touch
Super Lawyers
Best Law Firms US News
Best Lawyers