A recent court case decided under California state law (not federal HIPAA law) held that a UCLA Health System physician was not liable for a data breach when his computer was stolen from his home. The computer contained protected health information of over 16,000 patients. The case was brought under the California Confidentiality of Medical Information Act.
The court decided that since the hard drive was encrypted, and since the plaintiff was not able to confirm that the information was actually accessed, the Board of Regents at the University of California was not accountable for the potential data disclosure. Once again, the court case stresses the importance of encrypting computers holding personal health information.
