State legislators advance health data security bill

In the wake of several security breaches in Utah in which personal information was compromised for hundreds of thousands of Medicaid participants, state lawmakers are taking steps to ensure that such participants are more aware of how their information is stored.

Recent legislation sponsored by state Sen. Stuart Reid calls upon healthcare providers to inform all of their patients that Medicaid and Children's Health Insurance Program participants' information will be stored in online state databases, the Associated Press reports. The bill--SB20--also requires the state's Department of Technology Services to identify and follow best practices for data security standards in order to protect such individuals.

On Jan. 30, the bill passed through the Senate via a 26-0 vote, according to the Salt Lake Tribune. A House committee voted, 9-0, on Feb. 6, to approve the bill, as well.

"Hundreds of thousands of Utahns' personal data was breached and it costs the state hundreds of thousands of dollars to try to remedy that," Reid told the Senate, according to the Tribune.

Reid, of course, was referencing a breach that took place last spring in which Eastern European hackers gained access to healthcare information for close to 780,000 Medicaid participants in Utah; the Social Security numbers for 280,000 beneficiaries were compromised in that incident, as well.

Last month, though, personal information for an additional 6,000 Medicaid participants was put at risk when an employee of an outside contractor for the Utah Department of Health lost an unencrypted USB memory stick while traveling between Salt Lake City, Denver and Washington, D.C.

Additionally, last fall, hackers infiltrated the Utah Health Exchange, littering the site with graffiti and rendering the web portal useless for roughly one week. No personal information was put at risk in that incident, however.

To learn more:
- read the AP article
- view the legislation
- check out the Salt Lake Tribune piece