[ Friday, November 20, 2015 ]


Surprise: Only "HIPAA Covered Entities" are covered by HIPAA. I think that's why they call them "covered entities."

A couple of points that should be cleared up: HIPAA doesn't apply, but other privacy laws might; if the data is financial, Gramm-Leach-Bliley would apply; state data laws might also apply, depending on what is in the data and the specific state laws. And the FTC is certainly likely to be interested; just ask LabMD or Wyndham Hotels. Also, as the story indicates, in each case when the data insecurity is brought to the company's attention, they fixed it. Secondly, if you think genetic information is essentially the same thing as what's in your medical record, you don't know much about the practice of medicine (I guess lots of law professors don't know much about medicine).


PS: Yes, I know HIPAA also covers business associates in certain matters. But not in all matters, so I stand by my locution.

Jeff [9:52 AM]

