Utah Legislature Looks for Ways to Fix State Data Security Issues

Nov 15, 2012

The state Health and Human Services interim committee unanimously supported draft legislation Wednesday aimed at fixing problems related to the state’s Medicaid data breach that left more than 800 thousand Utahn’s personal information vulnerable.

Senator Stuart Reid’s bill requires all health care providers who participate in Medicaid or the Children’s Health Insurance Program to provide a notice to all patients that they may submit their personal information to the state’s eligibility database. It also requires the State Department of Health to verify the providers are giving that notice before they allow access to that database. Department of Health Director David Patton supports the bill but says it would be an added burden.

“Now I don’t know if we have a mechanism to do that. It would be very difficult to do. There are over six thousand providers that interact with Medicaid and because of that this is a huge undertaking,” Patton says. 

But Reid says it’s similar to the requirements providers already have to follow because of patient privacy laws. 

“This is no different. You’ll have an additional line on that form, or another form, indicating that your private information may be accessed through the database,” Reid says. 

The bill also organizes a committee of security experts to meet under the direction of the Governor’s office to identify and implement best practices for data security. Those best practices along with the Department of Technology Services would then be audited every two years.