On The Privacy Front

Mass. General is facing a possible class action lawsuit because one of its employees took private patient information home for the weekend and left it on the train.


The California Department of Public Health assessed an administrative penalty of $250,000 on Kaiser Foundation Hospital in Bellflower for allowing employees and physicians unauthorized access to a patient’s medical records. The penalty was assessed under a new medical privacy provision of California’s Health and Safety Code.


While privacy regulation continues to expand, Forbes reports that privacy regulations are counterproductive, creating a deluge of information that overwhelms and desensitizes the consumer. Further, Forbes reports that privacy regulations can hamper medical research since research companies, when unable to get the necessary consent forms completed must delay or drop research projects.


Whether or not you believe the privacy regulations are a good thing, their abundance does seem to make the purchase of privacy insurance more attractive. When considering coverage options, consider the following:


· Type of private data protected. Are only medical and/or financial data considered or are all types of private data for individuals covered? Does the data have to be electronic?


· Type of coverage available for fines and penalties. Are both defense costs and damages for privacy regulatory-imposed civil fines and penalties covered?


· Type of parameters applicable to the privacy notification coverage. Are there restrictions for when notification occurs for the policy to respond? Does the Insured need written or oral consent from the Insurer?


· Type of limits applied. Are any parts of the privacy protection sub-limited and/or do special coinsurance provisions apply?


How vast is the issue of securing private data? The President has just announced a new office and the development of a new position of Cybersecurity Coordinator to aid in securing America’s digital infrastructure and the Privacy Rights Clearinghouse reports that over 261 million data records have been exposed in the U.S. due to security breaches since January 2005.


Note: of course no amount of regulation can take the place of common sense, such as not keeping the passwords to encrypted data taped to the disk containing the private info (The Independent: NHS ‘loses’ thousands of medical records).