[ Tuesday, November 05, 2013 ]
California Update (Happy News for Kaiser): California's Confidentiality of Medical Information Act requires California entities to protect medical information, and prohibits them from disclosing the information except for proper purposes. In a case I noted earlier, UCLA had an issue when a physician took home a portable hard drive, which was stolen from his house. The hard drive was encrypted, but the encryption key was on a sticky note stuck to the hard drive, so UCLA couldn't rely on the encryption. However, a California appeals court has ruled that the plaintiff must prove that the information was actually disclosed, not just lost.
This is good news for Sutter, which had a theft at one of its offices involving a desktop computer (believe it or not) with PHI on 4,000,000 people. Since CMIA allows for $1,000 statutory/nominal damages per person, that's a $4 billion potential loss. However, unless the plaintiffs can prove that the PHI was disclosed, not just lost, the damages might not be there.
Jeff [2:05 PM]