A recent directive from the Connecticut Insurance Department requires all regulated entities in the state to notify the department of "any information security incident" within five calendar days of the incident being identified. The bulletin makes clear that the department intends to play an active role in resolution of data breaches in Connecticut.

"The Department will want to review, in draft form, any communications proposed to be made to affected insureds, members, subscribers, policyholders or providers advising them of the incident," the bulletin states. "Depending on the type of incident and information involved, the Department also will want to have discussions regarding the level of credit monitoring and insurance protection which the Department will require to be offered to affected consumers and for what period of time."

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access