
Pennsylvania’s Amendments to Data Breach Law Now Extend to Senior Living Entities

Published on December 29, 2022

In May 2023, Pennsylvania’s recent amendments to the state’s Breach of Personal Information Notification Act (“the Act”) will become law. The amendments expand the protected categories of “personal information” to include “medical information.” The Act now applies to any entity that stores electronic data that includes medical information, even to senior living entities that are not “health care providers.”

The Act defines “medical information” as “any individually identifiable information contained in the individual’s current or historical record of medical history, medical treatment or diagnosis created by a healthcare professional.”

However, the Act is not limited to health care providers but potentially applies to senior living entities (assisted living facilities, personal care homes, home care agencies, etc.) that generally are not subject to the federal Health Insurance Portability and Accountability Act (HIPAA) and its patient notification requirements following a breach.  

Pennsylvania’s notification requirements are triggered when there is a breach in the security of a computerized data system involving “any resident of this Commonwealth whose unencrypted personal information was or is reasonably believed to have been accessed by an unauthorized person.”

Once there is a breach of personal information, including medical information, the entity is required to provide notice to the individuals whose information has been compromised. However, the Act exempts any entity that already is subject to, and complies with, the federal HIPAA breach notification requirements.

While many senior living entities generally follow HIPAA guidelines as best practices – even if they technically do not qualify as “covered entities” – some may be unaware of the new Pennsylvania requirements. These organizations should familiarize themselves with the new legal requirements and begin preparing by assessing the risks to any electronic medical data that they maintain; implementing and enhancing data security measures; and adding cyber-liability insurance coverage if needed.

If you have any questions about the amendments to Pennsylvania’s Breach of Personal Information Notification Act, please contact Christopher J. Churchill or any member of Barley Snyder’s Senior Living or Health Care Industry groups or the Cybersecurity team.

