Compliance Management

NJ law requires health insurance carriers to encrypt sensitive data

New Jersey has passed a law requiring health insurance carriers to encrypt sensitive patient data.

On Friday, New Jersey Governor Chris Christie signed the legislation (PDF), which says that health insurance companies “shall not compile or maintain computerized records that include personal information, unless that information is secured by encryption or by any other method or technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person.”

The bill designated “personal information” as a person's first name, or first initial and last name, “linked with” other identifying data, like a Social Security number, driver's license number, address or identifiable health information.

The legislation also stated that password protection software will not aid in compliance, unless the computer program renders the data unusable or unreadable by an “unauthorized person altering, deleting, or bypassing” the security mechanism.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.