Here’s yet another incident that provides very good lessons that could be incorporated into information security and privacy training sessions as a case study, particularly for HIPAA compliance as well as secure disposal training…

“Dumped Tenn. medical files belonged to late doctor”
Note that under the HITECH Act, the recycler could also be liable and face noncompliance sanctions.

Tags: awareness and training, disposal, HIPAA, HITECH Act, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training

This entry was posted on Thursday, May 21st, 2009 at 8:42 pm and is filed under Privacy and Compliance, Training & awareness. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.