New identity protection regulations went into effect across Massachusetts today. In short, the objective of these regulations is to further prevent identity theft that could occur within a business environment.

Your office will have to take any necessary steps to comply with these new Massachusetts regulations even though your office is already compliant with the HIPAA regulations. This is due to the fact that many offices hold the personal information of patients or employees.

Personal information is defined as the first and last name of a patient or employee combined with one of the following:

• Social Security Number
• Driver's license number or state-issued identification card number
• Financial account number or credit or debit card number or password that can allow access to a patient or employee’s financial account.

If your office holds this personal information of patients or employees, some of the requirements that you will be responsible for will include:

• Making sure that personal information for patients or employees are secure in a locked file cabinet and/or room
• Making sure that you do not electronically transmit personal information via an unsecure electronic means
• Creating a written policy that details your office’s plan to protect personal information

Further requirements and in-depth details can be found at one of the following links:

Identity-Theft Regulations

Identity-Theft Regulations FAQ

Identity-Theft Regulations Small Business Guide

Please call us at 508-875-7900 with any questions about this process.