Utah recently passed a new healthcare law that requires healthcare providers who participate in the state Medicaid or Children's Health Insurance Program to notify consumers that they have or may submit personally identifiable information to the state's Medicaid or Children's Health Insurance Program eligibility database. The law goes into effect on July 1, 2013. The bill was initially introduced as a result of a 2012 theft of personally identifiable information from the state database that compromised the information of 780,000 people. In addition, the new law requires healthcare providers to verify that their privacy disclosures comply with state and federal law before granting them access to the eligibility database. Finally, the Utah Department of Health has administrative rulemaking authority to establish uniform language that must be included in healthcare provider privacy policies under the new law.

TIP: Healthcare providers interacting with the Medicaid and Children's Health Insurance Program database will need to make sure not only to comply with these new notice requirements, but will also need to address federal and state privacy disclosure compliance. We will continue to monitor this development to see if the Department of Health imposes any uniform language requirements that must be incorporated into privacy disclosures.