March 2023: Reminder: Pennsylvania’s Amended Breach Notification Law Goes into Effect in May 2023

28 Mar


Update Applicable to:
All employers of employees covered by HIPPPA in the state of Pennsylvania.

What happened?
In a previous communication, we notified you that Governor Wolf signed Senate Bill 696 (SB 696) into law, amending Pennsylvania’s breach notification law. This is a reminder of that communication.

Download Our Free Benefits Guide

Download our Benefits Brochure to see how we can provide Fortune 500-level benefits at a fraction of the cost.

Download Guide

What are the details?
Effective May 3, 2023, SB 696 expands the definition of “personal information” to include the following data elements when compromised in combination with a resident’s name:

  • Medical information: any individually identifiable information contained in the individual’s current or historical record of medical history or medical treatment, or diagnosis created by a healthcare professional.
  • Health insurance information: an individual’s health insurance policy number or subscriber number in combination with access code or other medical information that permits misuse of an individual’s health insurance benefits.
  • A username or e-mail address and a password or security question would permit access to an online account.

SB 696 also provides a new permissible method of providing notice of a breach if the affected personal information consists of a username or email address in combination with a password, allowing for electronic notice “if the notice directs the person whose personal information has been materially compromised by a breach of the security of the system to change the person’s password promptly and security question or answer, as applicable, or to take other steps appropriate to protect the person’s online account….” 

Additionally, SB 696 excludes covered entities and business associates subject to HIPAA.

Schedule a Call

Learn more about VensureHR and how we can make an impact on your business.

Contact VensureHR

For more information, please see the links below:

Previous Vensure Communication (December 7, 2022)

Article 1Article 2

What do employers need to do?
Employers should review the links above and ensure that their privacy and security standards comply with the law’s new amendments come May 3, 2023.

Subscribe to
The Vensure Voice