Stupid is as stupid does: the Lake Ridge Middle School breach

A breach that was not reported on this site initially but was covered on, apparently involved medical information, too, as we now learn…

As a follow-up to previous coverage about the stolen Lake Ridge Middle School stolen thumb drive here and here, Andrea McCarren of WUSA-9 provides some additional details that have infuriated parents (emphasis added by me):

The device was taken from a bag in an administrator’s unlocked car in her unlocked garage.

….. On the stolen thumb drive: personal information on more 1,200 students-their names, phone numbers and sensitive information, including whether they have a medical condition.

Dollars to donuts says they don’t report this to HHS even though it has names and medical conditions, because these things are considered education records. There is a huge gap in protection and notification laws here, folks…..

About the author: Dissent

2 comments to “Stupid is as stupid does: the Lake Ridge Middle School breach”

You can leave a reply or Trackback this post.
  1. Anonymous - June 3, 2010

    There isn’t a need for them to report to HHS, as the school isn’t a covered entity under HIPAA. This would probably be a violation of FERPA, which is supposed to protect educational records, including health information held by educational institutions.

    • Anonymous - June 3, 2010

      There isn’t a law requiring them to report it to HHS and FERPA doesn’t require reporting or notification. Lovely. As I said, there’s a gap.

Comments are closed.