Philadelphia hepatitis data exposure posed ‘no risk to confidentiality’ because of Inquirer notification, city says
Nathaniel Lash reports:
The medical records of thousands of Philadelphians were not compromised, the city said, after The Inquirer notified the city’s Health Department of a data breach that attached positive hepatitis test results with intimate personal details.
This finding comes after an investigation by the city’s Public Health Department and a team with the Centers for Disease Control and Prevention concluded that an Inquirer reporter was the only person to see the records before notifying the department of the breach.[…]
The city said the records were not protected under the Health Insurance Portability and Accountability Act, a federal law that imposes strict data privacy standards on health-care providers and insurance agencies. The health department said the data was not used by a so-called “covered unit” subject to HIPAA.
Read more on The Philadelphia Inquirer.