
S.B. 227

             1      PATIENT INFORMATION PROTECTION AMENDMENTS
             2      2013 GENERAL SESSION
             3      STATE OF UTAH
             4      Chief Sponsor: Stephen H. Urquhart
             5      House Sponsor: ____________
             6     
             7      LONG TITLE
             8      General Description:
             9          This bill amends the Health Code related to the Medicaid program.
             10      Highlighted Provisions:
             11          This bill:
             12          .    requires a health care provider that enters into a provider agreement with the state
             13      Medicaid program to purchase insurance that would cover a health data breach; and
             14          .    specifies certain coverage requirements that must be maintained by the provider.
             15      Money Appropriated in this Bill:
             16          None
             17      Other Special Clauses:
             18          None
             19      Utah Code Sections Affected:
             20      ENACTS:
             21          26-18-17, Utah Code Annotated 1953
             22     
             23      Be it enacted by the Legislature of the state of Utah:
             24          Section 1. Section 26-18-17 is enacted to read:
             25          26-18-17. Medicaid provider -- Data breach insurance.
             26          (1) (a) Beginning July 1, 2013, a health care provider that enters into a provider
             27      agreement with the state Medicaid program shall purchase an insurance policy that insures the
             28      health care provider for losses incurred as a result of a data breach of electronic medical
             29      records stored or accessed by the provider.
             30          (b) The data breach insurance required by Subsection (1)(a) shall include coverage for:
             31          (i) compliance with data breach notification laws;
             32          (ii) securing legal counsel to advise on incident response;
             33          (iii) providing credit file monitoring to victims;
             34          (iv) hiring forensic experts to investigate the breach, if appropriate;
             35          (v) paying regulatory defense and penalties from privacy law violations; and
             36          (vi) legal liabilities including those arising from failure to comply with data breach
             37      notification laws or privacy policies or to administer a government-mandated identity theft
             38      prevention program.
             39          (2) The health care provider shall keep the insurance policy required by Subsection (1)
             40      in effect during the period of time in which the provider has a provider agreement with the state
             41      Medicaid program.




Legislative Review Note
    as of 2-12-13 5:39 PM


Office of Legislative Research and General Counsel

