While Oklahoma may be a world away from New Jersey, the headline I read during my recent visit to Oklahoma reminded me that agencies and practices in every state struggle with safeguarding confidential patient health information.
As reported by the Oklahoman, a used furniture store in Oklahoma City recently sold a surplus file cabinet to a customer named Kathy Montoya. To Montoya’s surprise, the file cabinet inadvertently contained files holding confidential information including health records, social security numbers, payroll information and the like.
While this episode did not involve a health practice, it reminds us of the fact that inadequate processes and controls can yield disastrous results. As a healthcare provider, these disastrous consequences may include governmental action or civil liability arising from HIPAA breaches, data breach disclosure laws, various privacy regulations and state common law.
If DHS’ breach had involved the compromise of electronic data, it would have triggered Oklahoma’s data breach notification law, which requires that notice be provided to all affected individuals regarding the breach. Most states have a version of this data breach notification law and we have compiled the details of these laws in our legal corner.
Disclaimer: The information contained within the MTBC® Learning Center is provided for general educational and informational purposes only and should not be construed as legal advice. The author of the Learning Center does not represent the Web site user or the individual submitting a particular question. Please seek the advice of legal counsel to address any specific questions you may have regarding your particular facts or circumstances