California leads again: California led the pack in instituting a data breach law requiring companies to notify customers and clients if they suffered a computer breach or other incident that exposed private or personal information. Now, the California law has been amended to include electronic PHI or health insurance information. I think this just fills in some holes, since I think the existing law would have required notification in most cases of a harmful PHI breach (since financial information is what data thieves are looking for anyway). However, even if there's little likelihood that the data was stolen for identity theft or similar purposes, if the data include health information, you gotta report it.

