State identity theft bill in the works

By Sylvia Hsieh

October 15, 2007

A new bill working its way through the state legislature that applies to general identity theft may also help victims of medical identity theft.

Under House No. 4018, businesses and government entities must notify a consumer if certain personal information, such as a name and Social Security number, has been acquired by an unauthorized person or for an unauthorized purpose.

“We worked with the Massachusetts Hospital Association and the Massachusetts Medical Society to make sure it didn’t conflict with HIPAA. HIPAA is already a strict standard and we wanted to make sure providers didn’t have to comply with one law at the federal level and another at the state level,” said Dr. Marylou Buyse, a practicing family physician and president of the Massachusetts Association of Health Plans.

The bill’s notification requirements apply only to unencrypted information, because many health care organizations have spent a lot of money to develop encryption software to protect patient information, Buyse added.