[ Wednesday, January 13, 2010 ]
Connecticut data breach:
The Connecticut Attorney General is first out of the gate
in using the new delegation under HITECH to directly sue a covered entity for a HIPAA violation. HealthNet lost a computer hard drive with unencrypted patient names and social security numbers. The drive was lost in May, but HealthNet didn't start notifying potential victims until the end of November. As far as I've heard, there's no indication that anyone has been harmed, which probably indicates that the drive wasn't accessed. However, that doesn't mean a violation didn't occur. No harm doesn't necessarily mean no foul.
Jeff [6:05 PM]
Blogger: HIPAA Blog - Edit your Template