The article summarizes UCLA Health's $7.5 million settlement of a data breach class action. As the article notes, $2 million of the $7.5 million will be set aside for patient claims. The remaining $5.5 million will be paid to acybersecurityfund that will be used to improvecybersecuritydefenses at UCLA Health.Does that division of the settlement funds seem fair to you? Why or why not?

In addition, the plaintiffs argued that they should have been notified more promptly of the data breach---as they were not notified until 9 months after the breach. However, UCLA had complied withHIPAA'srequirement to notify within 60 days from the date of discovery that PHI had actually been compromised. Do you think plaintiffs are correct and the law should be amended to require notification within a shorter time frame from notice of the initial breach, rather than within 60 days of notice that PHI was compromised? In other words, should UCLA have notified plaintiffs within 60 days of October 2014 when it first learned of the breach---regardless of whether it knew for certain that PHI had been compromised? What are the benefits of earlier notification? What are the disadvantages of earlier notification? Thoughts?

https://www.hipaajournal.com/ucla-health-settles-class-action-data-breach-lawsuit-for-7-5-million/