Daily Dashboard

Health Data Not Covered in Breach Legislation

PRIVACY LAW—U.S.

August 5, 2011

The Center for Democracy and Technology's Harley Geiger writes that the data breach notification bills currently in Congress would not protect health data processed by certain commercial services. The HIPAA Privacy Rule requires covered entities to notify individuals when their data is compromised, but with the influx of commercial health IT systems and applications, sensitive health data is increasingly being used by commercial products and services. As a result, neither current data breach draft legislation nor the Privacy Rule would require non-covered entities processing health data to notify individuals of a breach, which "makes it all the more important that the law evolves with technology to provide blanket privacy protection for health information in commercial contexts," the report states.