Computer Theft Followup (HIPAA Violation in Question)

Jeff over at the other HIPAA Blog points out a medblogger who also notes the San Jose computer theft incident.

The only problem? It’s not a HIPAA violation as they claim. (This according to Jeff Drummond, a guy who certainly knows his stuff.)

Jeff Drummond:

Grand Rounds is up, this time at GruntDoc, an ER doc blogging from the other half of the North Texas Metroplex, affectionately known as Foat Wuth. He links to a medblogger who notes the San Jose medical group’s computer theft incident I blogged recently, and says it’s a HIPAA violation; I disagree, at least with the long-distance diagnosis. The fact that something bad happens doesn’t mean there’s a HIPAA violation. The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation. HIPAA doesn’t require that PHI never get out wrongly, it just requires that covered entities take reasonable steps to try to prevent that.

There’s the key: ‘The fact that PHI gets improperly disclosed doesn’t mean that there’s a HIPAA violation.’

Sorry, comments are closed for this post.