Bill > LD2103

This bill requires hospitals to develop and annually update a cybersecurity plan, which must be submitted to the Department of Health and Human Services for their records. Cybersecurity is defined as protecting electronic information from unauthorized changes, misuse, or denial of access. A cybersecurity intrusion is an unwanted breach into a computer system. The plan must include procedures for notifying relevant parties like law enforcement and patients about intrusions, ensuring patient care continues through backup communication and triage systems, and providing transportation or regional partnerships if needed. It also mandates a process for patients to complain if they face difficulties accessing medical care due to a cybersecurity incident. Furthermore, all hospital staff, board members, and affiliated organizations must receive cybersecurity training, and hospitals must conduct annual tests of their plans. The bill also expands the definition of a "sentinel event," which is a serious and preventable incident that requires reporting, to include cybersecurity intrusions that disrupt patients' access to medical care.

Health and Social Services

https://legislature.maine.gov/legis/bills/display_ps.asp?LD=2103&snum=132