A key lesson to be learned from this case "is that the Office for Civil Rights can only be pushed so far when a covered entity or business associate is shown to have systemic, management-driven failures in putting into place safeguards to protect its health information," says privacy attorney David Holtzman, vice president at the security consulting firm
Topic: Health Insurance Portability and Accountability Act (HIPAA)
The leak exposed personal data including Social Security numbers to the assigned posts of critical members of the US military, some of whom hold the highest levels of security clearance.
Watchdog Report Calls for Expanded Security Guidance, But Some Experts Want New Rule.
Federal regulators have announced a HIPAA resolution agreement with Lahey Hospital and Medical Center in Burlington, Mass., stemming from an investigation into the theft of a laptop that was used to operate a medical device.
Based on the BitSight report, the healthcare industry is near worst in overall security, with only education below them.