[BreachExchange] Fallout From HIV Data Breach Concerns Legal Experts

[Audrey McNeil]

https://www.newschannel5.com/news/fallout-from-hiv-data-
breach-concerns-legal-experts

It was a stunning admission by Metro Public Health officials last week,
that thousands of Tennesseans had their HIV status information compromised.
But moving forward legally might be tricky for those impacted by the data
breach.

For nearly nine months, a file containing the HIV status information of
thousands of Tennesseans sat on a publicly accessible server at the
department.

Officials found out about the problem in April but didn't publicly
acknowledge the issue until NewsChannel 5 and the Tennessean began asking
questions last week. The database contains information belonging to people
who tested positive for HIV as well as their social security numbers and
even sexual orientation.

Metro Public Health officials maintain that the information was never
accessed by anyone outside of the agency.

"Mistakes were made that made that information publicly accessible and
violated people's trust and confidence," says Thomas Ritter an attorney
with Thompson Burton law in Franklin.

Ritter, who is an expert is cyber security law, says patients impacted by
the data breach likely wouldn't be able to go after Metro Public Health
under HIPPA laws but could still possibly sue for negligence or emotional
distress damages.

He also would advise Metro to use this as an opportunity to implement a
more stringent security plan, which would include biannual reviews of
internal security policies and procedures surrounding data governance.

"I think there’s a huge expectation of privacy that when you hand over your
HIV status information, they’ll do their due diligence to protect it."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180718/a47de1cf/attachment.html>