HIPAA ruling highlights importance of encrypting patient information

Share this content:

A California appeals court has handed a victory to a healthcare provider in a case that involved the loss of 16,000 patient records. The ruling emphasizes the importance of encrypting files.

The case was sparked by the 2011 theft of a laptop from the home of a physician associated with the University of California-Los Angeles. Patient Melinda Platter sued, seeking $1,000 in damages for herself and each of the other patients whose information was potentially compromised.

An appeals court in Los Angeles County ruled in favor of the University of California defendants, stating that there was no evidence that the confidential files were ever accessed. News sources characterized the Oct. 15 decision as surprising in light of the stringent requirements of the Health Insurance Portability and Accountability Act. Provider groups cheered the decision, noting that it might alleviate some of the burden that healthcare organizations bear in safeguarding digital data.

"The decision is good news for hospitals and other healthcare providers who are victims of theft or hacking of medical information where the plaintiff cannot prove that the thief or hacker actually viewed the medical information," the California Hospital Association stated.

However, the files in question were encrypted. Although the thief in this case also did steal the password to unlock the encrypted information, some observers cautioned that the ruling might not apply in cases involving unencrypted files.