Security breach: Twice victimized
Eleanor Sundwall has a well-written commentary about the Utah Dept. of Health breach that I hope people read as she articulates how entities respond to a breach may leave the victims of a breach feeling even more victimized. You can read her commentary on the Salt Lake Tribune.
Eleanor’s story raises another issue, however. She writes:
In March, my 21-month-old daughter underwent surgery at Primary Children’s Medical Center. Even though she is privately insured, the medical center apparently gave her identity and health information to the Utah Department of Health’s Medicaid program.
Why did the medical center disclose her information to the state’s Medicaid program? Is that a HIPAA violation? Although she does not pursue that aspect, it’s something I would want to know more about, particularly since the information was subsequently stolen.