Ben DiPietro reports:
Sony Pictures Entertainment could be penalized by regulators for the data breach that resulted in private health information of its employees becoming public, and could be socked with lawsuits as well. It remains to be seen which regulators might target the company, or which rules it might be accused of violating, but regardless of who wields the hammer there are lessons other companies can learn from this to better protect the health information of their workers.
It’s unclear whether Sony is subject to the federal Health Insurance Portability and Accountability Act because it doesn’t qualify as a “covered entity” as defined by the law, said Abner Weintraub, a principal consultant at advisory firm Expert HIPAA.
Read more on WSJ.
This issue of whether HIPAA applies continues to arise. Sony has its own health insurance plan that some employees enroll in, and Sony says it is under HIPAA in their privacy notice, so we’ll see what happens.