PogoWasRight, An inexcusable gap from breach to notification, or an excusable one?
https://www.databreaches.net/an-inexcusable-gap-from-breach-to-notification-or-an-excusable-one/
Repeat after me: "Date of discovery" does NOT mean the date you completed any investigation. It is the date on which you first knew or reasonably should have known that you had a breach of unsecured PHI.
It is not a huge breach as breaches go, but Sightpath Medical's breach notification raises a lot of questions about compliance with HIPAA's Breach Notification Rule. I hope #HHSOCR investigates this one.
#HIPAA #HITECH #databreach #phi #cybersecurity #transparency #notification #vendor