
Healthcare Data Breaches: When & How Often Do Data Breaches Occur?


Attention to how medical information is handled by Covered Entities and Business Associates has heightened in the information security field over the last couple of years. With 2014 dubbed the “Year of the Mega Breach”, much of the focus on information security, or the lack of it, revolved around companies like Target and Home Depot.

With so much attention paid to these types of organizations, their security frameworks, and how cardholder data is protected, it came as a surprise to the medical field when healthcare data breaches began occurring at the same rate the following year.

Ultimately, 2015 will be known as the “Year of the Healthcare Security Breach”, with the focus on both Covered Entities and Business Associates.

Before the first half of 2015 was over, five of the eight largest security breaches ever recorded in the medical sector had occurred. The astonishing share of compromised records, 34% compared to 0.63% between 2011 and 2014, has led to a state of alarm among both Covered Entities and Business Associates.

More and more Americans are becoming victims of health


Topics: HIPAA, Covered Entities, Business Associates, Health Information, Privacy, PHI, HITECH, Data Breach, Security, HIMSS16, card holder data, security breach, medical information, HHS, healthcare, information security

Healthcare Data Breaches: Who Wants PHI?


In the previous blog post, we discussed the types of entities who need protected health information (PHI) to conduct their business or provide their services. Now, let’s discuss what entities or individuals are typically interested in obtaining this PHI.

Who is Interested in Obtaining PHI?

There is no single group of people or type of organization stealing PHI for unlawful purposes. However, looking at the 18 PHI identifiers listed below shows that the information collected and protected under HIPAA can be used for many purposes that harm those whose PHI is compromised.


Topics: Protected Health Information, HIPAA, Covered Entities, Business Associates, Health Information, Privacy, Privacy Rule, PHI, Data Breach, Security, HIMSS16, Information, healthcare, Illegal Use, Unlawful Use

Healthcare Data Breaches: Who Needs PHI to Conduct Business?


As promised in my introductory blog post, I will be writing a blog series exploring several issues regarding healthcare data breaches. Specifically, I will address the importance of proactively preventing them rather than reacting to them after the damage is done.

Who Needs PHI to Conduct Business?

Individually identifiable health information held or transmitted by a Covered Entity or Business Associate is protected under the HIPAA Privacy Rule and is formally called Protected Health Information (PHI).

PHI can exist in any form or medium: electronic, paper, or oral. PHI can also include demographic information and relate to an individual’s past, present, or future physical or mental health or condition, the provision of healthcare to the individual, or the payment status for the provision of healthcare to the individual.

Individuals, organizations, and agencies that fall under the HIPAA definitions of a Covered Entity or a Business Associate must comply with the HIPAA/HITECH Rules in order to adequately protect the privacy and security of PHI while also providing individuals with specific rights of access to their PHI.


Topics: Protected Health Information, HIPAA, Covered Entities, Business Associates, Health Information, Business Associate Agreement, Privacy, PHI, HITECH, HIMSS, Data Breach, Security, healthcare

Healthcare Data Breaches: Preventing Instead of Reacting


With the advent of technology and globalization, the movement of personal data has become a “business need” when it comes to data sharing between entities and countries. Technology has allowed business entities to transform their business models into international ones more easily than ever before. And because data sharing has become a “need” for these entities to succeed, the personal data they process becomes valuable not only to the person the data belongs to and the business that uses it, but also to many individuals and organizations that want this data for their own, often unlawful, purposes.

As a Security and Privacy Professional with a legal background, my focus is on understanding domestic regulations like HIPAA/HITECH and comparing them to international regulations like the EU’s Data Protection Directive. My experience includes reading, dissecting, and comparing complicated laws and regulations, and managing compliance assessment projects. Therefore, I am excited about this opportunity to share information regarding the importance and sensitivity of protected health information (PHI), the potential consequences of a data breach, and the impact of the HIPAA/HITECH rules.

Covered Entities and Business Associates must adhere to the HIPAA/HITECH rules domestically. The controls these entities must implement are not there merely to “comply” with HIPAA/HITECH, but more importantly to prevent a data breach and protect the PHI these entities rely on to survive as a business. This data is sensitive in nature and must be protected from the moment the entity receives it to the moment it leaves the entity’s complete control. With Business Associates coming under increased scrutiny over the last few years, they, along with Covered Entities, must do their due diligence to ensure that any other party (Business Associate) they work with in connection with this PHI is also complying with the same controls in order to safeguard this data.

I will be writing a series of blog posts exploring this theme by identifying key topics that are intertwined and that connect Covered Entities and Business Associates who share this sensitive data when conducting business together. Specifically, each post in the series will address one of the following six questions:


Topics: data security, compliance, healthcare
