Download Zipped Introduced WordPerfect SB0227S01.ZIP
[Status][Bill Documents][Fiscal Note][Bills Directory]

First Substitute S.B. 227

Senator Stephen H. Urquhart proposes the following substitute bill:


             1     
PATIENT INFORMATION PROTECTION AMENDMENTS

             2     
2013 GENERAL SESSION

             3     
STATE OF UTAH

             4     
Chief Sponsor: Stephen H. Urquhart

             5     
House Sponsor: ____________

             6     
             7      LONG TITLE
             8      General Description:
             9          This bill amends the Health Code related to the Medicaid program.
             10      Highlighted Provisions:
             11          This bill:
             12          .    requires certain health care providers that enter into a provider agreement with the
             13      state Medicaid program to purchase insurance that would cover a health data
             14      breach; and
             15          .    specifies certain coverage requirements that must be maintained by the provider.
             16      Money Appropriated in this Bill:
             17          None
             18      Other Special Clauses:
             19          None
             20      Utah Code Sections Affected:
             21      ENACTS:
             22          26-18-17, Utah Code Annotated 1953
             23     
             24      Be it enacted by the Legislature of the state of Utah:
             25          Section 1. Section 26-18-17 is enacted to read:

             26          26-18-17. Medicaid provider -- Data breach insurance.
             27          (1) (a) Beginning July 1, 2013, a health care provider that has or enters into a provider
             28      agreement with the state Medicaid program, and has received at least $50,000 in payment from
             29      Medicaid in the preceding 12 months, shall purchase an insurance policy that insures the health
             30      care provider for losses incurred as a result of a data breach of electronic medical records
             31      stored or accessed by the provider.
             32          (b) The data breach insurance required by Subsection (1)(a) shall include coverage for:
             33          (i) compliance with data breach notification laws;
             34          (ii) securing legal counsel to advise on incident response;
             35          (iii) providing credit file monitoring to victims;
             36          (iv) hiring forensic experts to investigate the breach, if appropriate;
             37          (v) paying regulatory defense for privacy law violations; and
             38          (vi) legal liabilities arising from failure to comply with data breach notification laws or
             39      privacy policies or to administer a government-mandated identity theft prevention program.
             40          (2) The requirements of Subsection (1) may be satisfied by a medical malpractice
             41      policy purchased by a health care provider that includes coverage for the consequences of a
             42      data breach.
             43          (3) The health care provider shall keep the insurance policy required by Subsection (1)
             44      in effect during the period of time in which the provider has a provider agreement with the state
             45      Medicaid program.

[Bill Documents][Bills Directory]