John F. Lushis, Jr. of Norris McLaughlin P.A. writes:
In December 2005, Pennsylvania enacted the Breach of Personal Information Notification Act (the “2005 BPINA”). Known as the 2005 BPINA Act, its purpose is to provide “for security of computerized data and for the notification of residents whose personal information data was or may have been disclosed due to a breach of the security of the system.”
[..]
The 2022 Amendment adds definitions of “medical information” and “health insurance information” and expands the definition of “personal information” to include medical information, health insurance information, and “a username or e-mail address, in combination with a password or security question and answer that would permit access to an online account.”
Read more at The National Law Review.