With the advent of technology and globalization, the movement of personal data has taken a turn to a “business need” when it comes to data sharing between entities and countries. Technology has allowed business entities to transform their business models into international ones more easily than ever before. And because data sharing has become a “need” to ensure success for these entities, the personal data that is processed becomes valuable not only to the person the data belongs to and the business that uses it, but for many individuals and organizations out there that want this data for their own, often unlawful, purposes.
As a Security and Privacy Professional with a legal background, my focus is on understanding domestic regulations like HIPAA/HITECH and comparing these to international regulations like the EU’s Data Protection Directive. My experience includes reading, dissecting, and comparing complicated laws and regulations and the management of compliance assessment projects. Therefore, I am excited about this opportunity to share information regarding the importance and sensitivity of protected healthcare information (PHI), potential consequences of a data breach, and the impact of HIPAA/HITECH rules.
Covered Entities and Business Associates must adhere to the HIPAA/HITECH rules domestically. The controls that these entities must implement are not just there to “comply” with HIPAA/HITECH, but more importantly to prevent a data breach and protect the PHI that these entities rely on to survive as a business. This data is sensitive in nature and must be protected from the moment the entity receives it to the moment it leaves their complete control. With Business Associates receiving much speculation over the last few years, they along with Covered Entities must ensure they do their due diligence to ensure any other party (Business Associate) they work with in connection to this PHI, is also complying with the same controls in an effort to safeguard this data.
I will be writing a series of blog posts that will explore this theme by identifying key topics that are intertwined and connect with Covered Entities and Business Associates who share this sensitive data when conducting business together. Specifically, each post in the series will address one of the following six questions: