Skip to main content

HIPAA Isn't the Only Data Breach Law of Concern

Written by Dianne Bourque

In the event of a data breach, covered entities must consider state law notification requirements, as well as those imposed by HIPAA.  Toward that end, Mintz Levin has developed a survey of state data breach notification laws, which is a useful tool for understanding the types of protections states require, breach notification triggers, timing, and other specifics. The Mintz Levin Data Breach Matrix is accessible here.  As observed by Cynthia Larose in a recent Privacy & Security Matters post, all the usual disclaimers apply:  the matrix is not a substitute for legal advice from practitioners with experience responding to data breaches.

Subscribe To Viewpoints


Karen S. Lovitch

Member / Chair, Health Law Practice

Karen S. Lovitch is a Mintz attorney who represents health care companies in regulatory, transactional, and operational matters. She advises them on health care regulations such as the Stark Law and the Clinical Laboratory Improvement Amendments of 1988.
Dianne J. Bourque advises health care clients on licensure, regulatory, contractual, risk management, and patient care matters for Mintz. Dianne counsels researchers and research sponsors on FDA and OHRP regulations. She also counsels clients on data privacy issues, including HIPAA standards.