Effective January 1, 2010, New Hampshire law requires personal health data to be protected beyond what is required by HIPAA. Under H.B. 619, health care providers and business associates must obtain consent from individuals before using protected health information for marketing purposes; the individuals have to be given an opportunity to elect not to receive any fund raising communications based on their protected health information; and individuals have the right to file lawsuits for violations, including special or general damages of not less than $1,000 for each violation. H.B. 542 allows individuals to opt out of sharing health care data with e-health data exchanges; limits access in e-health data exchanges to providers for treatment purposes; and requires the exchanges to maintain logs of providers that access patient data.

TIP: Be sure to implement procedures consistent with these new state laws if you have access to personal health data in New Hampshire.