The risks today for the safety and privacy of healthcare information are many. Whether it’s someone hacking into a hospital database, or, as has been happening all too often, a careless employee leaving unprotected data behind, healthcare organizations everywhere have to be concerned about the increasing insecurity of their data.
Today four expert groups came together to release a report, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, that gives health care organizations a new way to evaluate the “at risk” value of protected health information (PHI) and shows healthcare organizations five ways to “make a business case for appropriate investments to better protect PHI,” according to a press release posted at prnewswire.com.
Working together, a collaboration of the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA) created the “PHI Project,” a team effort with more than 100 health care industry leaders from over 70 organizations, according to the press release.
The press release states that the health care delivery system cannot run without trust – “a trust that those receiving health information will keep it confidential and secure.” Unfortunately, however, this trust is now under fire as the healthcare industry adopts electronic health records (EHRs), gets access to federal incentives, and tries to provide better patient care. As a result, the press release notes, PHI is now more vulnerable than ever “to accidental or impermissible disclosure, loss, or theft.”
The report has found that providers, payers, and business associates may not be keeping up with the growing risks of exposure “as a result of EHR adoption, the increasing number of organizations handling PHI, and the growing rewards of PHI theft,” according to the press release.
In December, thieves got their hands on almost 2 million patient records when they robbed the van containing them in New York City. It turns out that trust may be totally misplaced, as more and more breaches occur.
The report agrees, citing the fact that PHI data breaches are growing “in frequency and in magnitude with huge financial, legal/regulatory, operational, clinical, and reputational repercussions on the breached organization.”
To counter this, the report provides information for CISOs, CIOs, IT security, privacy, and compliance personnel to help them better understand the potential risks and liabilities resulting from data breaches, according to the press release.
The group came up with a five-step approach to assessing security risks and evaluating the “at risk” value of an organization’s PHI. Called the “PHI Value Estimator,” this tool helps organizations assess overall potential data breach costs, and provides a way to determine “an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach occurrence,” according to the press release.
“No organization can afford to ignore the potential consequences of a data breach,” said Rick Kam, president and co-founder of ID Experts, and chair of the PHI Project, in the press release. “We assembled this working group to drive a meaningful dialogue on appropriate levels of investment to better protect healthcare organizations and PHI.”
Edited by
Rich Steeves