Colorado Enacts a New Consumer Data Privacy Protection Law: HIPAA & HITECH Act Blog by Jonathan P. Tomes

The Colorado governor signed into law HB 1128, a new consumer data privacy protection law, which is intended to protect personal identifying information (“PII”). Effective September 21, 2018, the law requires organizations, including health care organizations, that maintain paper or electronic documents that contain PII to develop and maintain a written policy for the destruction and proper disposal of those documents. Entities that maintain, own, or license PII, including those that use a nonaffiliated third party as a service provider, shall implement and maintain reasonable security procedures for the PII. Also, the notification laws governing disclosure of unauthorized acquisitions of unencrypted and encrypted computerized data are expanded to specify who must be notified following such unauthorized acquisition and what must be included in such notification. To view the bill in its entirety regarding the new consumer data privacy protection law, go to

If you need to draft, review, or update your policies to comply with this new consumer data privacy protection law and/or others, and have questions about how to approach and solve the problems that you encounter as you attempt to comply, you may find just the help that you need in our policy book by Jonathan P. Tomes, The Complete HIPAA Policies and Procedures Guide, with accompanying CD of sample policies and procedures, available on our website at

FYI, in case you are keeping track, this blog item is the second in the HIPAA potpourri series that Jon announced in last week’s blog. Stay tuned, same time, same station, next week, for the next item in the potpourri. As always, thanks for reading Jon’s blog, and remember to contact us if you need HIPAA compliance help. Jon is still out of the loop for a few weeks, but you can reach Alice at

Happy 4th of July!
