[ Tuesday, May 23, 2006 ]
VA Data Theft:
Need I even report on this? In yet another high-profile case
of data theft, (perhaps the highest profile case to date) , a Veteran's Administration worker takes home a laptop computer with name, social security, and other information on about a bazillion veterans (OK, over 25 million). The VA employee was not supposed to take home the data took it home anyway, and it was stolen from the analyst's house in a burglary. It's unclear whether the data would count as PHI (was it part of the medical records or was it more like employment data?), but it will probably need to be disclosed and reported in most of the states where data breach disclosure laws have been passed. Foreign law might be implicated as well.
(Hat tip on the related implications: John Christiansen)
Jeff [11:30 AM]
Blogger: HIPAA Blog - Edit your Template