South Carolina has become the first state to enact a version of the Insurance Data Security Model Law, which was drafted by the National Association of Insurance Commissioners (NAIC) in 2017. Governor Henry McMaster signed the South Carolina Insurance Data Security Act into law on May 14, 2018. The Act will become effective on January 1, 2019.

South Carolina Insurance Director Raymond G. Farmer chaired the NAIC Cybersecurity Working Group that drafted the model law. The South Carolina Act appears to follow the Model Law closely, and bears similarities to cybersecurity laws and regulations enacted in other states and at the federal level – including the New York Department of Financial Services cybersecurity regulations, the new Alabama data breach law, and HIPAA/HITECH data security/breach notification requirements. Continue Reading South Carolina Enacts First Insurance Data Security Act

Perhaps we have adjusted our expectations. 2015 sent shockwaves through health plan sponsors and health care providers with massive data breaches, such as the one at Anthem Blue Cross Blue Shield, and the rise of ransomware attacks, such as the one that temporarily shut down the information systems at Hollywood Presbyterian Medical Center. 2016 brought a new government audit program that awakened many covered entities and business associates to the need to review their HIPAA compliance measures and their readiness to respond to an audit request.

The 2017 year did not serve up seismic HIPAA events – it mostly provided a continuation of what we have seen in the past. This may be calming, but still leaves plenty to be concerned about. Continue Reading HIPAA Breaches and Enforcement: An Uneasy Calm