[ Tuesday, November 05, 2013 ]
California Update (Happy News for Kaiser):
Jeff [2:05 PM]
California's Confidentiality of Medical Information Act requires California entities to protect medical information, and prohibits them from disclosing the information except in proper purposes. In a case I noted earlier
, UCLA had an issue when a physician took home a portable hard drive, which was stolen from his house. The hard drive was encrypted, but the encryption key was on a sticky note stuck to the hard drive, so UCLA couldn't rely on the encryption. However, a California appeals court has ruled
that the plaintiff must prove that the information was actually disclosed, not just lost.
This is good news for Sutter, which had a theft at one of its offices involving a desktop computer
(believe it or not) with PHI on 4,000,000 people. Since CMIA allows for $1,000 statutory/nominal damages per person, that's a $4 Billion potential loss. However, unless the plaintiffs can prove that the PHI was discosed, not just lost, then the damages might not be there.
Blogger: HIPAA Blog - Edit your Template