An American hospital has discovered a data breach and believes some information was stolen from its databases. It believes more than 500 individuals are affected and is now required to alert those people and the media of the incident. What type of data was likely stolen?
Correct Incorrect Unanswered Report Issue Answer Description
Protected health information (PHI) is any information pertaining to a person's health that is stored by an organization. Things like medicines, health history, diagnoses, symptoms, etc. This information is protected in the US by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA requires a media notice if more than 500 individuals are affected by a data breach:
"Covered entities that experience a breach affecting more than 500 residents of a State or jurisdiction are, in addition to notifying the affected individuals, required to provide notice to prominent media outlets serving the State or jurisdiction. Covered entities will likely provide this notification in the form of a press release to appropriate media outlets serving the affected area." - hhs.gov
Wikipedia
Protected health information (PHI) under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity), and can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient's medical record or payment history.
Instead of being anonymized, PHI is often sought out in datasets for de-identification before researchers share the dataset publicly. Researchers remove individually identifiable PHI from a dataset to preserve privacy for research participants.
There are many forms of PHI, with the most common being physical storage in the form of paper-based personal health records (PHR). Other types of PHI include electronic health records, wearable technology, and mobile applications. In recent years, there has been a growing number of concerns regarding the safety and privacy of PHI.
Protected_health_information - Wikipedia, the free encyclopedia Subscribe to avoid duplicate questions and track your progress over time