Jay Cline writes:
The Eli Lilly employee whose programming glitch exposed the e-mail addresses of almost 700 Prozac users to each other didn’t know he was making history. Since that day in June 2001, hundreds more US healthcare organizations have reported medical-data breaches. As a result of those reports, federal and state health agencies have dealt out millions of dollars in fines, and the U.S. Department of Health and Human Services has launched a round of 150 audits. Meanwhile, a cottage industry of breach-notification service providers has arisen, and healthcare organizations can’t find enough privacy talent to batten down the hatches.
But is this obsessiveness over health-data privacy warranted? Do medical-data breaches harm people, and does notifying them of the incidents help them?
Read more on Computerworld, where Jay offers his own scheme for deciding whether entities should notify following a breach.