Class-Action Could Set Encryption Standard, Sen. Wants Investigation
PRIVACY LAW—U.S.November 29, 2011
Modern Healthcare reports on the class-action lawsuit filed by a patient of Sutter Medical Foundation claiming that the company failed to properly protect patient data. A stolen computer contained password-protected but unencrypted data on about 4.3 million people. The suit seeks $1,000 per breached patient record. At issue is whether it is negligent for a provider not to encrypt identifiable patient data. If the court decides "yes," says one expert, "It will create an enormous precedence as a standard of care." Meanwhile, Sen. Lisa Murkowski (R-AK) has called for an investigation into the recent TRICARE breach. She has also introduced an amendment calling for a risk assessment of third-party access to the stolen data.