Practices that have experienced a breach, whether it was the fault of someone inside the practice or the result of a more sinister act such as cyber crime, have an obligation to mitigate the damages that can be caused from data falling into the wrong hands
http://www.amednews.com/article/20130902/business/130909996/5/?utm_source=rss&utm_medium=&utm_campaign=20130930