[ Thursday, December 06, 2018 ]
This may or may not be a HIPAA breach, but NY's data breach notification law is likely implicated. It's unclear whether the agency would be a HIPAA covered entity; it's described as a health provider, but if it doesn't conduct HIPAA-regulated transactions in electronic format, technically it might not be a HIPAA "covered entity."
Jeff [10:44 AM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template