Back to News

Pennsylvania’s Amendments to Data Breach Law Now Extend to Senior Living Entities

Published on

December 29, 2022

In May 2023, Pennsylvania’s recent amendments to the state’s Breach of Personal Information Notification Act (“the Act”) will become law. The amendments expand the protected categories of “personal information” to include “medical information.” The Act now applies to any entity that stores electronic data that includes medical information, even to senior living entities that are not “health care providers.”

The Act defines “medical information” as “any individually identifiable information contained in the individual’s current or historical record of medical history, medical treatment or diagnosis created by a healthcare professional.”

However, the Act is not limited to health care providers but potentially applies to senior living entities (assisted living facilities, personal care homes, home care agencies, etc.) that generally are not subject to the federal Health Insurance Portability and Accountability Act (HIPAA) and its patient notification requirements following a breach.  

Pennsylvania’s notification requirements are triggered when there is a breach in the security of a computerized data system involving “any resident of this Commonwealth whose unencrypted personal information was or is reasonably believed to have been accessed by an unauthorized person.”

Once there is a breach of personal information, including medical information, the entity is required to provide notice to the individuals whose information has been compromised. However, the Act exempts any entity that already is subject to, and complies with, the federal HIPAA breach notification requirements.

While many senior living entities generally follow HIPAA guidelines as best practices – even if they technically do not qualify as “covered entities” – some may be unaware of the new Pennsylvania requirements. These organizations should familiarize themselves with the new legal requirements and begin preparing by assessing the risks to any electronic medical data that they maintain; implementing and enhancing data security measures; and adding cyber-liability insurance coverage if needed.

If you have any questions about the amendments to Pennsylvania’s Breach of Personal Information Notification Act, please contact Christopher J. Churchill or any member of Barley Snyder’s Senior Living or Health Care Industry groups or the Cybersecurity team.

Related News

View More News
Press Release
May 13, 2024

Barley Snyder Attorney Katherine Betz Kravitz Named to Central Penn Business Journal’s “Women of Influence” List

For immediate release Lancaster, Pa. – Barley Snyder is pleased to announ...

Learn More
Press Release
April 26, 2024

Barley Snyder Managing Partner Jennifer Craighead Carey named to CPBJ 2024 Power Law List

For Immediate Release Lancaster, Pa. – Barley Snyder is pleased to announ...

Learn More
Press Release
April 17, 2024

Barley Snyder Attorney Tasha Stoltzfus Nankerville Admitted to Practice in Maryland

For Immediate Release Lancaster, Pa. – Barley Snyder is pleased to announ...

Learn More

Get in Touch

Our attorneys, paralegals and staff look forward to hearing from you. Please reach out to let us know how we can help.

Get In Touch
Super Lawyers
Best Law Firms US News
Best Lawyers