Effective July, 1, 2014 – The new Florida Information Protection Act passed legislation. FIPA focuses on two types of records to receive heightened protection: personal information and customer records.
The new statute expands the definition of personal information to include the following: health insurance policy or subscriber numbers, information regarding an individual's medical history, financial information, and online user names or email addresses in combination with their associated passwords or security questions and answers to permit account access.
Another change is that affected individuals are to be notified within 30 days. The new statute also requires a copy of that notice to be provided to Florida's Department of Legal Affairs.
The penalty for breaching these rules are steep. $1,000 each day for the first 30 days following any violation of notice requirements, and $50,000 for each subsequent 30-day period up to 180 days. The maximum penalty for violation is $500,000, so it is critical your company has the necessary policies in place and deliver proper notice to individuals located in Florida within the required 30 Day timeframe.
Want to know where you stand with your HIPAA HITECH Compliance?
Contact us to Schedule your HIPAA Audit Today!