[ Monday, February 22, 2010 ]
Publicly-Disclosed Data Breaches:
As you should know, the data breach reporting requirements have been effective since September; if you're a covered entity and suffered a data breach, you needed to report to the individual and, if it involved 500 or more people, to HHS and the local media. HHS is then obligated to annually post the data breaches reported to it.
And now they have. Check out the data breaches
. What strikes me is what I've always called the "crackhead" issue -- see how many are computer thefts. I'd bet every one of those resulted in no disclosed information, since all of those computers were probably immediately scrubbed of any information so they could be fenced.
UPDATE: not everyone is pleased
with the level of detail provided by HHS in its report.
Jeff [9:25 PM]
Blogger: HIPAA Blog - Edit your Template