Policy, Compliance

NJ law requires health insurance carriers to encrypt sensitive data

January 13, 2015

New Jersey has passed a law requiring health insurance carriers to encrypt sensitive patient data.

On Friday, New Jersey Governor Chris Christie signed the legislation (PDF), which says that health insurance companies “shall not compile or maintain computerized records that include personal information, unless that information is secured by encryption or by any other method or technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person.”

The bill designated “personal information” as a person's first name, or first initial and last name, “linked with” other identifying data, like a Social Security number, driver's license number, address or identifiable health information.

The legislation also stated that password protection software will not aid in compliance, unless the computer program renders the data unusable or unreadable by an “unauthorized person altering, deleting, or bypassing” the security mechanism.

prestitial ad