Elizabeth Litten writes:
This case has nothing to do with HIPAA, but should be a warning to zealous covered entities and other types of business entities trying to give patients or consumers more information about data privacy than is required under applicable law. In short, giving individuals more information is not better, especially where the information might be construed as partially inaccurate or misleading.
Read more on Fox Rothschild Privacy Compliance & Data Security,