HIPAA Blog

[ Wednesday, April 15, 2009 ]

Moses Cone Data Breach: Another stolen laptop, another hospital scrambling to offer credit reporting to patients whose information was stolen. The data was password-protected, and in a software program that requires some training to use, but it wasn't encrypted; does that count as "unsecured PHI" under the new HIPAA rules post-ARRA? We won't know for sure until the regs come out.

Sounds like a crackhead laptop theft, not an ID theft attempt, so my suspicion is that the data was scrubbed off the laptop as soon as the thief could do so.

Jeff [10:36 AM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template