HIPAA Blog

[ Wednesday, January 13, 2010 ]

Connecticut data breach: The Connecticut Attorney General is first out of the gate in using the new delegation under HITECH to directly sue a covered entity for a HIPAA violation. HealthNet lost a computer hard drive with unencrypted patient names and social security numbers. The drive was lost in May, but HealthNet didn't start notifying potential victims until the end of November. As far as I've heard, there's no indication that anyone has been harmed, which probably indicates that the drive wasn't accessed. However, that doesn't mean a violation didn't occur. No harm doesn't necessarily mean no foul.

Jeff [6:05 PM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template