Sen. Stuart Reid, R-Ogden sponsored the legislation, which requires health care providers to make the disclosure when issuing a notice of their privacy practice.
The bill also requires the state to consult data security experts and incorporate the best security standards.
In January, a Health Department contractor lost a device containing personal information for about 6,000 Medicaid recipients. Last year, the Health Department announced hackers broke into a server containing personal data, including Social Security numbers, for about 780,000 people.
A House committee unanimously approved the bill Wednesday. It advances to the full House for consideration.