South Florida Hospital News
Monday January 20, 2020

test 2

August 2014 - Volume 11 - Issue 2



Florida Information Protection Act of 2014

On June 20th, Governor Rick Scott signed into law the Florida Information Protection Act of 2014, which imposes requirements on Florida businesses that handle personal information. This new legislation repealed Florida Statute 817.5681 which previously required notices of certain breaches of personal information. This legislation is now codified as Florida Statute 501.171.
The law generally provides that covered entities, governmental entities, and third party agents shall take reasonable measures to protect and secure data in electronic form containing personal information. A “covered entity” under this law includes a sole proprietorship, corporation, partnership, etc. that acquires, maintains, stores, or uses personal information. Thus, covered entities would include hospitals and other allied healthcare providers. Additionally, a host of personal information is covered under the act, including financial account numbers, credit card information, social security numbers, and an individual’s medical history, mental or physical condition, or medical diagnosis or treatment by a healthcare provider. Other data that must be protected under this law includes user names or email addresses, in combination with a password or security question.
Regarding breaches of personal information, the law provides that covered entities must notify the Department of Legal Affairs and individuals of any breach affecting 500 or more individuals in the State of Florida. The law contains a detailed manner in which this notice of breach is to be provided. It appears that one of the biggest changes with this law is that a breach will likely have to be reported, even though the breach is innocuous and not likely to result in harm. Generally, “covered entities” under this statute will have 30 days to provide the required notice, as opposed to HIPAA which gives entities 60 days to provide notice of a breach.
Finally, the new law specifically states that no private cause of action is established under the law. Further, violations of the law will be treated as an unfair or deceptive trade practice under Florida Statute 501.207, and civil penalties can range from $1,000 to $500,000. Accordingly, covered entities should update and strengthen their internal policies to avoid breaches under this new law.

Michael A. Petruccelli, Fann & Petruccelli, P.A., can be reached at (954) 771-4118 or visit

Share |