You know what I realized today? Another reason you might want to use proper medical data encryption to ensure HIPAA compliance is because you want to ensure that you don't waste time (and money) appealing what appears to be a boneheaded decision by a jury.According to indystar.com, a jury of six deliberated for four days and came to the conclusion that Walgreens should pay an aggrieved plaintiff the lofty sum of $1.44 million dollars. The decision is unusual because Walgreens didn't do anything wrong (at least, as far as I can see).
The above case raises questions, though. Let's say that a company has a computer user policy that prevents employees from downloading sensitive data to laptop computers, or taking said computers outside the workplace.Lo and behold, an employee downloads sensitive data to his company-issued laptop and loses the device while he's on a conference trip. Is the company not at fault? After all, the parallels to the above case are exact. And yet, there's a part of me that feels that the company should have known better.What's causing the cognitive dissonance? Possibly, it's a matter of expectations: while we don't expect people to download information to laptops, we know it's going to happen. Indeed, we know it happens. Often enough that it can account for up to 30% of data breaches.It happens so often that we kind of expect the companies to expect it, too. Hence the call for the use of encryption software on any computers and external storage devices that are used in the workplace.Pharmacists looking up patient information and using it for something other than medical prescriptions? That's uncalled for and we expect better from anyone in the medical profession (especially those who are not just holding a clerical or administrative position, but one who is directly in charge of human health).Still, you can see how it appears as if there are double standards. Will it stay this way? Or will the US courts opt to become strictly logical and penalize companies for employees' misdeeds regardless of what "expectations" are?