By Steve Campbell
With the release of the recent The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, health care organizations now have a new method to evaluate the “at risk” value of protected health information (PHI) that will enable them to make a business case for appropriate investments to better protect PHI. This report was created through the “PHI Project” – a collaboration of the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA) – that involved a cross-section of more than 100 health care industry leaders from over 70 organizations. The report is available for free download at webstore.ansi.org/phi.
Health Care System Depends on Patient Trust in Confidentiality and Security The health care delivery system is founded upon trust – a trust that those receiving health information will keep it confidential and secure. This trust is now being tested as the health care industry moves to adopt electronic health records (EHR), access federal incentives, and facilitate better patient care. PHI is now more susceptible than ever to accidental or impermissible disclosure, loss, or theft. Health care organizations (providers, payers, and business associates) are not keeping pace with the growing risks of exposure as a result of EHR adoption, the increasing number of organizations handling PHI, and the growing rewards of PHI theft.
To view the original article please click here.
PHI Breaches Increasing with Far-Reaching Repercussions PHI data breaches are growing in frequency and in magnitude with huge financial, legal/regulatory, operational, clinical, and reputational repercussions on the breached organization. The report provides CISOs, CIOs, IT security, privacy, and compliance personnel with information to help them better understand the potential risks and liabilities resulting from data breaches.
The 5-Step Method to Estimate Breach Costs and Needed Investments in PHI Security Health care organizations reading this report can take immediate action using PHIve – the PHI Value Estimator – a 5-step method for assessing security risks and evaluating the “at risk” value of an organization’s PHI. This tool estimates overall potential data breach costs, and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach occurrence.
“No organization can afford to ignore the potential consequences of a data breach,” said Rick Kam, president and co-founder of ID Experts, and chair of the PHI Project. “We assembled this working group to drive a meaningful dialogue on appropriate levels of investment to better protect healthcare organizations and PHI.”
“Health care is one of the most-breached industries,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Health care providers and supporting organizations don’t currently have sufficient security and privacy budgets, including adequate processes and resources, to protect sensitive patient data. This report will help them understand what they need to do to augment their efforts.”