The month-long window is the shortest turnaround of any state and doesn’t exempt the healthcare sector, effectively giving Colorado providers just half the time required by HIPAA to report.
Colorado Gov. John Hickenlooper signed into law expansive consumer data legislation that mandates all organizations report breaches within 30 days, making it the shortest turnaround for any state.
There are no exemptions from the notification rule, meaning healthcare organizations must report within 30 days — half the time required by HIPAA. The legislation updates the state’s current notification language that states notification must happen without “reasonable delay.”
Introduced in January, the bill unanimously passed in the State House Committee. The aim is to drastically improve privacy and security for all organizations within the state.
The legislation overlaps with HIPAA requirements, as lawmakers added medical and health insurance identification data to the types of information covered by the law.
And if there’s “a conflict between the time period for notice to individuals [under Colorado law or federal regulation or law], the law or regulation with the shortest time frame for notice to the individual controls,” the bill states.