Back to News

Pennsylvania’s Amendments to Data Breach Law Now Extend to Senior Living Entities

Published on

December 29, 2022

In May 2023, Pennsylvania’s recent amendments to the state’s Breach of Personal Information Notification Act (“the Act”) will become law. The amendments expand the protected categories of “personal information” to include “medical information.” The Act now applies to any entity that stores electronic data that includes medical information, even to senior living entities that are not “health care providers.”

The Act defines “medical information” as “any individually identifiable information contained in the individual’s current or historical record of medical history, medical treatment or diagnosis created by a healthcare professional.”

However, the Act is not limited to health care providers but potentially applies to senior living entities (assisted living facilities, personal care homes, home care agencies, etc.) that generally are not subject to the federal Health Insurance Portability and Accountability Act (HIPAA) and its patient notification requirements following a breach.  

Pennsylvania’s notification requirements are triggered when there is a breach in the security of a computerized data system involving “any resident of this Commonwealth whose unencrypted personal information was or is reasonably believed to have been accessed by an unauthorized person.”

Once there is a breach of personal information, including medical information, the entity is required to provide notice to the individuals whose information has been compromised. However, the Act exempts any entity that already is subject to, and complies with, the federal HIPAA breach notification requirements.

While many senior living entities generally follow HIPAA guidelines as best practices – even if they technically do not qualify as “covered entities” – some may be unaware of the new Pennsylvania requirements. These organizations should familiarize themselves with the new legal requirements and begin preparing by assessing the risks to any electronic medical data that they maintain; implementing and enhancing data security measures; and adding cyber-liability insurance coverage if needed.

If you have any questions about the amendments to Pennsylvania’s Breach of Personal Information Notification Act, please contact Christopher J. Churchill or any member of Barley Snyder’s Senior Living or Health Care Industry groups or the Cybersecurity team.


Related News

View More News
Press Release
November 7, 2024

Barley Snyder Named to Best Law Firms® 2025 Edition 28 Times

For Immediate Release Lancaster, Pa. – Barley Snyder is proud to announce that Best Lawyers® has named the firm to its 202...

Learn More
Press Release
October 31, 2024

Barley Snyder Attorney Amanda Kowalski Elected President of Lancaster Law Foundation

For Immediate Release Lancaster, Pa. – Barley Snyder is pleased to announce that attorney Amanda Jabour Kowalski has been e...

Learn More
Press Release
August 15, 2024

Barley Snyder Attorneys Recognized by Best Lawyers in America

For Immediate Release Lancaster, Pa. – Forty-nine Barley Snyder attorneys have been recognized by The Best Lawyers in ...

Learn More

Get in Touch

Our attorneys, paralegals and staff look forward to hearing from you. Please reach out to let us know how we can help.

Get In Touch
RECOGNIZED IN
Super Lawyers
Best Law Firms US News
Best Lawyers