Did Utah's failure to protect health data violate federal law?

The hacking of a Utah server containing Medicaid data has exposed a weakness—and a double-standard—in how the state handles sensitive health information. Until now, officials blamed the March 30 pilfering on human error. A state Department of Technology Services employee didn't follow protocol when placing a test server online and hackers exploited a weak password, they said. But on Thursday, they acknowledged data exposed in the breach was not encrypted—in possible violation of federal law. In jeopardy is the personal information of 780,000 Utahns.