Car Break-In Leads to Possible HIPAA Violation
Thousands of confidential medical records were loaded on a USB flash drive, which subsequently was stolen during a car break-in. Sound familiar? An increase in data breach notification laws throughout the US has brought to light hundreds of incidents that would have been glossed over in the past. In this case, the protected health information is covered under new regulations in HIPAA and the HiTECH Act of 2009.
According to the MetroWest Daily News, it's unclear whether the incident will result in direct monetary damages but it certainly hasn't been a public relations success:
Smith declined to say whether the loss of the records would be considered a violation of the Health Insurance Portability and Accountability Act - known as HIPAA - or whether the company could face penalties.
Under the Health Information Technology for Economic and Clinical Health Act of 2009, companies that experience a breach of health information covered by HIPAA for more than 500 patients are required to inform the patients and the media.