CFAA May Extend Practice’s Reach After HIPAA Breach

February 1, 2016 – In The News
Medical Practice Compliance

Lucy Li was featured in the Medical Practice Compliance article, “CFAA May Extend Practice’s Reach After HIPAA Breach.” Full text can be found in the February, 2016, issue, but a synopsis is below.

Medical practices may not be able to sue hackers or “rogue” employees who access patient data due to HIPAA not providing a private right of action, but that may not prevent them from filing suit for violating the Computer Fraud and Abuse Act (CFAA).

The purpose of the CFAA is to prevent access that is unauthorized or that exceeds the user’s authority to information not in the public domain, such as patient data or trade secrets, says Fox Rothschild’s Lucy Li.

“It’s one tool to help you get compensated,” Li added.

Li continues by offering advice that practices may use to reduce the risk of unauthorized access and steps to ensure that the CFAA is an option if one becomes a victim.