The month-long window is the shortest turnaround from a state and doesn’t exempt the healthcare sector, effectively giving Colorado providers just half the time required by HIPAA to report. Check out the article for more information! nnColorado Gov. John Hickenlooper signed into law expansive consumer data legislation that mandates all organizations report breaches within 30 days, making it the shortest turnaround for any state.nnThere are no exemptions from the notification rule, meaning healthcare organizations must report within 30 days — half the time required by HIPAA. The legislation updates the state’s current notification language that states notification must happen without “reasonable delay.”nnIntroduced in January, the bill unanimously passed in the State House Committee. The aim is to drastically improve privacy and security for all organizations within the state.nnThe legislation overlaps with HIPAA requirements, as lawmakers added medical and health insurance identification data to the types of information covered by the law.nnAnd if there’s “a conflict between the time period for notice to individuals [under Colorado law or federal regulation or law], the law or regulation with the shortest time frame for notice to the individual controls,” the bill states.n
nThis article was originally posted on healthcareitnews.com