Massachusetts Enacts Identity Theft Law
The privacy and security of personal financial information has been the subject of intense scrutiny recently with the advent of a substantial number of high profile identity theft cases in the news. Just this past year, Massachusetts enacted comprehensive identity theft legislation to protect Massachusetts residents by requiring that they be notified of any unauthorized access or use of their personal information.
As the repository of a large amount of personal information on patients, BWH is responsible to be good stewards of this information. Under the Massachusetts Identify Theft law, a privacy, security or data breach occurs when it is known or believed to be known that a security breach has occurred, or it is known or believed to be known that the personal information of a resident of Massachusetts was acquired or used by any unauthorized person or used for any unauthorized purpose.
When either of the above events occurs, BWH must notify each affected Massachusetts resident, as well as the Attorney General’s Office and the director of consumer affairs and business regulation. BWH, working with Partners Information Security, is taking steps to both minimize the risks of breaches and to establish processes aimed at promptly investigating every possible breach and complying with the strict notification requirements.
Some examples of data breaches covered by the identify theft law involve misdirected information through fax machines and lost or stolen laptop computers and/or handheld devices. All staff are reminded that they should only access the minimum necessary patient information in order to perform their job, and should not be storing a patient’s personal information such as name, Social Security number, financial account number, or anything else on their computer hard drives or handheld devices.
If you have any questions on the identity theft law or the efforts of BWH and Partners to help prevent identity theft or data breaches, please contact the BWH HIPAA Compliance Project Manager, Martha Hamel, at 617-582-5201. Most importantly, if you believe or are concerned that there has been a case of identity theft or a breach of security, please contact the BWH Privacy Office right away. You may also make an anonymous inquiry to the Partners Compliance HelpLine at 1-800-856-1983 or www.partners.org/complianceline