Kaveh Waddell reports on an issue near and dear to my heart: not all entities that collect or store health information are HIPAA-covered entities. Earlier this year, as one example, we saw the Systema Software leak that impacted numerous firms with a wealth of workers compensation claims. And last year, we saw many employees’ wellness data breached by a hack of Onsite Health Diagnostics. And most recently, of course, I reported on the leak of highly sensitive from a dating app for people who are HIV-positive. And those are just a few of many examples I’ve reported over the past seven years.
Waddell reports:
… health-care companies are only a part of the picture. In fact, according to research published Wednesday by Verizon’s business division, 90 percent of industries—from retail and finance to construction and mining—have experienced a breach of personal health information.
While the organizations in these other sectors may not keep extensive databases of patient information the way a health-care facility or insurer might, businesses in every industry have data from employee benefits and wellness programs, and many deal with workers’ compensation claims. Included in all three are troves of personal health data.
Read more on The Atlantic.