[ Friday, November 20, 2015 ]


Surprise: Only "HIPAA Covered Entities" are covered by HIPAA.  I think that's why they call them "covered entities."

A couple of points that should be cleared up: HIPAA doesn't apply, but other privacy laws might; if the data is financial, Gramm Leach Bliley would apply; state data laws might also apply, depending on what is in the data and the specific state laws.  And the FTC is certainly likely to be interested; just ask LabMD or Wyndham Hotels.  Also, as the story indicates, in each case when the data insecurity is brought to the company's attention, they fixed it.  Secondly, if you think genetic information is essentially the same thing as what's in your medical record, you don't know much about the practice of medicine (I guess lots of law professors don't know much about medicine).


PS: yes, I know HIPAA also covers business associates in certain matters.  But not in all matters, so I stand by my locution.

Jeff [9:52 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template