Patient Data Exposed Online

Today's Baltimore Sun reports on an incident involving Dental Network, a CareFirst BlueCross BlueShield dental HMO, in which the company accidentally exposed personal information, including Social Security numbers, of about 75,000 members on a public website. A Maryland Law (SB 194) enacted last year requires that businesses notify consumers of a breach of their personal information "as soon as reasonably practicable after the business discovers or is notified of the breach." In this case, it took 3 weeks before CareFirst notified customers of the breach.