Legislator highlights her plan to protect sensitive medical information

State Rep. Jamie Thompson today highlighted her efforts to shore up unauthorized access to medical records while protecting people and families from having their personal information exposed in response to recent comments from state Attorney General Dana Nessel.

Nessel has called for legislative action in the wake of a cybersecurity breach earlier in the year that has impacted medical patients across Michigan. Nessel underscored needed accountability for a failure to use best practices to store and secure information and not reporting data breaches.

“This has affected many people in communities I represent across Monroe and Wayne counties, and as a licensed practical nurse I know how important it is to maintain trust between a patient and a health care provider,” said Thompson, of Brownstown, who serves on the House Health Policy Committee and the House Families, Children and Seniors Committee. “Breaches where personal information is exposed are constantly a concern for people in the digital era that we live in. It’s important that our laws respect and reflect this reality, and I have personally pushed for plans that will help position Michigan as a leader in making sure private information stays that way.”

The push for increased measures comes after a May 30 cybersecurity breach at Welltok, Inc. – the software company contracted to provide communications services to Corewell Health’s properties in southeastern Michigan. It is estimated more than 1 million Michigan residents had their names, dates of birth, email addresses, phone numbers, Social Security numbers, medical diagnoses and health insurance information compromised in the breach.

Thompson has made protecting sensitive medical information from unauthorized entities a priority. She introduced House Bill 5072 in September, which requires all health care providers to utilize only electronic health record technology that is physically maintained in the United States or Canada in storing patient medical information and prohibits the use of any third-party computing facilities in any other foreign countries.

While the legislation would not have specifically addressed the Corewell breach, as its servers were U.S.-based, it did underscore the need to strengthen medical record protections and delivers accountability when information is being stored in an unsafe fashion. HB 5072 has not received a hearing.

“With the current split in the Legislature, we have an opportunity to work in a bipartisan way to address issues that an overwhelming majority of people agree on and want to see their elected officials act on,” Thompson said. “Protecting personal information is an issue where there’s broad support and there should be a real urgency. There should be movement. This shouldn’t get washed away by playing politics or worrying about who gets credit for the reforms. 

“Unfortunately, it played out this way when my legislation to protect people’s private information from foreign adversaries was buried in a House committee and it has yet to receive a hearing. I am hopeful in the coming year this plan and this overall issue can get the respect they deserve. People across our state are depending on it.”