On Thu, Nov 13, 2014 at 7:42 PM, Tracy Reed <tr...@ultraviolet.org> wrote:
> On Thu, Nov 13, 2014 at 10:11:28AM PST, Morgan Blackthorne spake thusly:
>> I'd be wondering if HIPAA requires him to disclose the breach to his
>> clients since it is medical information.
>
> Yes.
>
> http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
>
> But if he didn't even have separate backups I doubt he will be overly concerned
> about this. For better or worse, odds are DHHS will never know about it unless
> one of his patients reports him so likely nothing will come of it.

I'm not so sure. If the data was encrypted in place (never left his systems) then it was never disclosed to inappropriate parties and my reading of that link is that this would not be considered a breach. Not that this would make me happy as a patient...

Bill Bogstad