February 10, 2015
On Jan. 9, 2015, Gov. Christie signed Senate Bill 562, creating Public Law 2014 Chapter 88, which will require health insurance carriers to encrypt certain information. The law applies to any insurance company, hospital service corporation, health service organization, or health maintenance organization authorized to issue health benefits plans in New Jersey. These entities must protect individually identifiable health information via encryption. They will be prohibited from maintaining computerized records that contain personal information unless it is encrypted. "Personal information" means an individual's first name or first initial and last name linked with one or more of the following data elements: (1) Social Security number (2) driver's license number or state identification card number (3) address or (4) identifiable health information. The law applies only to end user computer systems (e.g. computer systems, laptops and other devices used by end users to access the data) and computerized records transmitted across public networks.
While the law does not impact employers directly, group health plan sponsors will likely notice additional measures taken by carriers and insurers subject to these requirements in order to protect individually identifiable health information and comply with the state law.
The law becomes effective Aug. 1, 2015.
Public Law 2014 Chapter 88 »