[ Tuesday, November 05, 2013 ]


California Update (Happy News for Kaiser): California's Confidentiality of Medical Information Act requires California entities to protect medical information, and prohibits them from disclosing the information except in proper purposes.  In a case I noted earlier, UCLA had an issue when a physician took home a portable hard drive, which was stolen from his house.  The hard drive was encrypted, but the encryption key was on a sticky note stuck to the hard drive, so UCLA couldn't rely on the encryption.  However, a California appeals court has ruled that the plaintiff must prove that the information was actually disclosed, not just lost. 

This is good news for Sutter, which had a theft at one of its offices involving a desktop computer (believe it or not) with PHI on 4,000,000 people.  Since CMIA allows for $1,000 statutory/nominal damages per person, that's a $4 Billion potential loss.  However, unless the plaintiffs can prove that the PHI was discosed, not just lost, then the damages might not be there. 

Jeff [2:05 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template