As Chair of the Privacy and Security practice, Maureen Fulton is dedicated to advising companies on the development of comprehensive privacy and data security programs. Maureen leverages her experience as a Certified Information Protection Professional (CIPP/US) to help organizations navigate state, federal and international privacy laws and regulations. She also conducts privacy and security due diligence for buyers and sellers in connection with mergers and acquisitions. CyncHealth (formerly the Nebraska Health Information Initiative) is a health information exchange system that provides an electronic health information exchange system to providers participating in the Treatment, Payment, and Public Health Services Initiative in Nebraska and neighboring states. Health care providers, insurance payers, and other institutions can participate in CyncHealth. The information exchanged is encrypted and protected in accordance with the HIPAA Health Information Portability and Accountability Act of 1996 (“HIPAA”) and other applicable laws. If an individual`s provider participates in the exchange of health information, they will automatically be registered to participate, but individuals have the right to opt out through their website. Nebraska`s privacy laws are therefore governed by Chapter 20 of the Nebraska Revised Statutes (“Neb. Rev. Stat.”), which governs civil rights.
References to Title 175 of the Nebraska Administration Code (“Neb. Admin. Code”) have corresponding requirements for health clinics under Chapter 7 and hospitals under Chapter 9 of Title 175 of the Neb Administration Code. Overall, “a medical record must be kept for each patient … [and] may be created and maintained in written or electronic form, or a combination of both[.] (see 175 Neb. Admin. Code §9-006.07A of Chapter 9; 175 Neb. Admin. Code §7-006.07A of Chapter 7). It is important for districts to know that they are responsible for establishing and supporting effective governance, privacy and data security programs, as well as complying with laws and regulations. The delivery of these programs can also facilitate effective and innovative teaching practices that are needed in today`s school environment.
Summary: Nebraska does not have general privacy legislation, although Bill 746 for Nebraska`s Consumer Data Privacy Act was introduced in 2020, but was then postponed indefinitely and did not pass. Nebraska also has data security and reporting obligations under Section 87-801 et seq. of Chapter 87 of the Revised Nebraska Regulations. In addition, the Nebraska Financial Data Protection and Consumer Notification of Data Breach Act governs the reporting of consumer data breaches, with the Attorney General being responsible for enforcing these provisions and having the authority to issue subpoenas and compensate for direct economic damages for any resident harmed by the violation of these provisions. The Uniform Data Protection Act (the “Uniform Act”), signed into law by the Uniform Law Commission last year, has yet to be signed into law in any state, but lawmakers in Oklahoma and the District of Columbia have also recently introduced bills to pass the law.