There are so many complaints and lawsuits following breaches that I long ago gave up on mentioning them all. But Kristen Stewart of the Salt Lake Tribune reports on one complaint that I found particularly interesting:
When University of Utah health law professor Leslie Francis learned her name and Social Security number had been exposed in the state’s Medicaid breach, she decided to do what any scholar might do — investigate.
She deduced that, like the majority of breach victims, her information was sent to the Utah Department of Health by a provider inquiring whether she was covered by Medicaid.
That was a surprise, because she is insured through her employer and none of her providers had declared in privacy notices that they may bill Medicaid. What’s more, when she asked the hospital she believes is at fault to “fess up” — citing the Health Insurance Portability and Accountability Act (HIPAA) — the hospital refused, citing the same law.
The professor went on to file complaints with HHS, OCR, and the FTC. Read more on Salt Lake Tribune.