For years, the idea of requiring ed tech providers to meet HIPAA/HITECH-type security standards has been a hot topic. Colorado saw proposed legislation last year that would have mandated this, and New York's Parents Bill of Rights for Data Privacy and Security, passed in 2014, contains a provision requiring that vendors use encryption technology to protect data while in motion or in its custody from unauthorized disclosure using a technology or methodology specified by the Secretary of the United States Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5.
We're already beginning to see this issue come up again in state legislation this year. A new bill introduced and referred to the House education committee in Indiana also would require ed tech to comply with HIPAA/HITECH requirements for technical safeguards: http://www.whiteboardmonitor.com/billdatabase/billTexts.php?bill_id=887500&type=text
Here's the bill text:
(7) The outside party uses encryption technology to protect data while the data is in motion or in the custody of the outside party from unauthorized disclosure using a technology or methodology specified by the secretary of the United States Department of Health and Human Services in guidance issued under 42 U.S.C. 17932.