Hard to believe, but UCLA Health is notifying patients of yet another data breach. From a notice issued today: UCLA Health is sending notification letters to 1,242 individuals about the theft of a laptop computer containing patient names, medical record numbers, and health information used to help prepare patient treatment plans. No social security numbers,…
Category: Commentaries and Analyses
Duty of confidentiality trumps your desire to defend your reputation
Remember when Prime Healthcare and Shasta Regional Medical Center were fined by federal and state agencies for breaching patient privacy? They had willfully disclosed patient details to the media after the media had reported the patient’s complaint about them. At the time, I noted that just because a patient discloses information, that does not give the covered entity the…
“Small” breach, big impact, redux
In November 2013, I blogged about the case of a privacy breach at Northern Inyo Hospital that was so devastating to the patient that she was going to move away. The breach was a willful insider breach that impacted a custody dispute. That same year, and unbeknownst to most people, there was a lawsuit filed over another insider…
More reaction to the Third Circuit opinion in FTC v. Wyndham
Two more commentaries site visitors interested in this issue may wish to read: What Exactly Does Reasonable Mean? – Josephine Wolff, Slate The FTC’s Wyndham victory is good for privacy but confusing for businesses – Stacey Higginbotham, Fortune
ICO raises concerns about data breach notification overload
From the where-have-I-heard-this-all-before dept.: The Information Commissioner’s Office (ICO) said it welcomed proposals outlined by the national governments that make up the EU which would restrict the cases where organisations would be required to notify data protection authorities and consumers of data breaches under the General Data Protection Regulation that EU law makers are currently…
In Wyndham, the FTC won a battle but perhaps lost its data security war
Gus Hurwitz has a slightly different take on the Third Circuit’s opinion in FTC v. Wyndham. On the issue of notice, he writes, in part: The court goes on to find that Wyndham had sufficient notice of the requirements of Section 5 under the standard that applies to judicial interpretations of statutes. And it expressly notes…