FORENSICS CORPORATION™




 HITECH for HIPAA




 www.forensicscorp.com
 info@forensicscorp.com
      877.248.DATA
      480.747.1732
Overview
Medical privacy breaches continue to be a serious problem for healthcare
and life sciences. Some of the most highly respected healthcare
organizations in the country still suffer data breaches, and new breaches
make headlines regularly.

[Chart: Annual US Medical Privacy Breaches, 2004-2008. Source: http://datalossdb.org]
  2004:   195,000
  2005: 1,733,786
  2006: 2,309,503
  2007: 1,294,105
  2008: 4,479,859

“It takes 20 years to build a reputation and 5 minutes to ruin it.”
                                                            Warren Buffett

The Good
•   Buried within the Economic Stimulus Bill is the Health Information
    Technology for Economic and Clinical Health (HITECH) Act.
•   The HITECH Act provides approximately $31.2 billion for healthcare
    infrastructure and adoption of electronic health records (EHR). The
    Congressional Budget Office assumes that the Act will save federal healthcare
    programs an estimated $12 billion from higher EHR use, resulting in a net
    cost to the federal government of $19.2 billion.
•   The money largely flows from Medicare and Medicaid incentives to
    physicians and hospitals for the "meaningful use" of certified EHRs, including
    existing systems as well as new installations or upgrades. Non-hospital based
    physicians could receive up to $44,000 from Medicare or $64,000 from
    Medicaid, and hospitals with high Medicare and Medicaid volumes could
    receive up to $11 million. These incentives will be paid out over a 4- to 5-year
    period beginning in 2011.




The Bad
•     Medical privacy breaches continue to be a serious problem for healthcare
      and life sciences. Some of the most highly respected healthcare
      organizations in the country still suffer data breaches, and new breaches
      make headlines regularly.
•      The HITECH Act expands HIPAA's coverage, increases compliance obligations,
      and strengthens enforcement penalties.
•     In response to the growing number of privacy breaches, the ARRA expands
      the scope of the HIPAA Privacy and Security Rules.
•     Beginning on September 15, 2009, HIPAA-covered entities will be required
      to notify individuals when their “unsecured” PHI has been compromised.
      The new enforcement provisions make compliance failures more costly
      and more visible to the public. These requirements demand greater
      effort from healthcare-related organizations to protect PHI and raise
      the risk of penalties, fines, and litigation.
    “15 workers fired for accessing Octuplet Mom’s file” — A Kaiser Permanente
    spokesman said Monday that this was a violation of healthcare privacy laws…
    (Orange County Register, March 30, 2009)

    “UCLA Workers snooped in Spears’ Medical Records” — The Medical Center is
    taking steps to fire at least 13 employees and is disciplining others,
    including doctors, for looking at the pop star’s confidential files.
    (Los Angeles Times, March 15, 2008)


and The Ugly
•   Medical privacy breaches continue to be a serious problem for healthcare
    and life sciences. Some of the most highly respected healthcare
    organizations in the country still suffer data breaches, new breaches
    make headlines regularly, and the consequences can be severe.

•   To date, the consequences of health data breaches have fallen into two
    categories: financial loss, and damage to an organization’s image and reputation.

•   Monetary losses resulting from privacy breaches are due to fines, penalties,
    legal fees, staff time spent responding to the incident, lost business, and in
    the case of for-profit HCOs, decreased stock valuation.

•   Based on a recent Ponemon Institute study, the average cost per lost
    healthcare record was projected to be $282 per record in 2008, or nearly $3
    million for breach of 10,000 records.

•   Across all industries, the average per-incident cost of privacy breaches in
    2008 was $6.7 million, up from $6.3 million in 2007.



Notable Breaches
HCO                                        Date         Exposed Records   Cause
Aetna                                      5/28/2009         65,000       Web
Kaiser Permanente                          2/6/2009          29,500       Unknown
Baylor Health Care System                  11/4/2008        100,000       Stolen Laptop
University of Utah Hospitals & Clinics     6/10/2008      2,200,000       Stolen Tape
NY – Presbyterian Hospital                 4/11/2008         49,841       Internet Fraud
WellPoint                                  4/8/2008         128,000       Web
United Healthcare                          6/25/2007         17,000       Internet Fraud
Johns Hopkins Hospital                     2/7/2007          52,000       Lost Tape
St. Francis Hospital                       10/23/2006       260,000       Lost Media
Kaiser Permanente                          7/27/2006        160,000       Stolen Laptop
Humana Medicare                            6/3/2006          17,000       Web
Aetna                                      4/26/2006         39,000       Stolen Laptop

          Source: http://datalossdb.org
          http://www.privacyrights.org/ar/ChronDataBreaches.htm


The Need for a New Approach
• Electronic PHI (protected health information) can reside anywhere, which
  means that healthcare organizations need to focus their efforts on protecting
  sensitive information wherever it is stored. The aggressive promotion of HIT
  systems, coupled with the exponential growth of digital storage, increases the
  potential number and severity of data breaches and other security issues.

• Whether a result of hackers or employees, companies remain at risk of losing
  or compromising information assets. In this difficult economic environment
  with increasing regulatory demands, HCOs need to consider a more holistic
  and efficient approach to information management based on a strategic
  data classification program that discovers and controls PHI wherever it is
  stored.




The Challenge
• The fragmented approach to healthcare delivery also hinders systematic,
  comprehensive management of PHI: methods vary from one entity to the next,
  ineffective methods are used alongside effective ones that are applied
  inconsistently, and the results are unpredictable.

• Most healthcare providers place a high priority on protecting the privacy of
  PHI. However, with so many people from so many entities accessing PHI in so
  many ways, their understanding of both the importance of this protection and
  how to effectively provide it will inevitably vary. Something will undoubtedly
  fall through the cracks.

• “Most companies do not have adequate processes or technologies to manage
  their unstructured data. 75 percent said they were concerned that their
  unstructured data was growing too rapidly. 63 percent said they did not have
  adequate systems to manage it.” Computerworld survey of 250 large
  companies


In 25 percent of reported data breaches, the organization did not
   know how many records were compromised by the breach.


The Solution
• Most data and privacy breaches are avoidable. Traditionally, organizations
  have applied a network-centric focus to securing systems, based on defined
  confidentiality levels for storing and processing data.
• While still a necessary component, a more information-centric approach is
  needed today. Better control and protection of confidential and sensitive
  information requires, first, an awareness of where data is stored and how it
  is protected.
• Enterprises should implement a strategic information management program
  by classifying data to help reduce their corporate risk exposure, decrease
  information discovery times, improve compliance status, and potentially
  realize significant cost savings through an effective data disposal program.




The Solution
• Forensics Corp derives its strategic approach to building and executing a data
  classification program from a logical and comprehensive workflow.


  Define Data Classification Schema  →  Discover Data Storage Areas  →
  Analyze Security Deficiencies  →  Realign Practice with Policies



• With a successfully implemented data classification strategy, an HCO can focus
  more heavily on where it must provide additional effort and resources to
  mature its information management program to a more strategic level.
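The four-step workflow above, carried through as an added illustration that is not part of the Forensics Corp deck: a small Python data-classification pass that defines a schema, walks a constructed inventory of storage areas, flags where PHI sits against policy and controls, and groups the deficiencies for realignment. The storage-area names, file contents, and the PHI identifier patterns (SSN, MRN, DOB) are assumptions for the example, not an organization's real schema.

```python
import re
from dataclasses import dataclass

# Step 1: define the data classification schema.
# Labels are ordered from most to least sensitive; each label carries the
# detectors that mark content as belonging to it. The identifier formats
# (SSN, MRN, DOB) are assumptions for this illustration, not a standard.
SCHEMA = [
    ("PHI", [
        ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
        ("mrn", re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.IGNORECASE)),
        ("dob", re.compile(r"\bDOB[:#]?\s*\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE)),
    ]),
    ("INTERNAL", [
        ("internal-marker", re.compile(r"\bINTERNAL USE ONLY\b")),
    ]),
]
# Anything no detector matches is treated as PUBLIC.


@dataclass
class StorageArea:
    """One place data can live: a share, a laptop, a backup set, a web app."""
    name: str
    approved_for_phi: bool   # policy says PHI may live here
    encrypted_at_rest: bool  # control actually in place
    files: dict              # path -> text content (constructed samples)


@dataclass
class Finding:
    area: str
    path: str
    label: str
    detectors: list
    deficiencies: list


def classify(text):
    """Step 1 applied to one item: the first (most sensitive) label with a hit wins."""
    for label, detectors in SCHEMA:
        hits = [name for name, rx in detectors if rx.search(text)]
        if hits:
            return label, hits
    return "PUBLIC", []


def analyze(area, label):
    """Step 3: compare where the data actually sits against policy and controls."""
    deficiencies = []
    if label == "PHI" and not area.approved_for_phi:
        deficiencies.append("PHI stored outside an approved repository")
    if label == "PHI" and not area.encrypted_at_rest:
        deficiencies.append("PHI at rest without encryption")
    return deficiencies


def discover(areas):
    """Step 2: walk every storage area, classify each item, record what is not PUBLIC."""
    findings = []
    for area in areas:
        for path, text in sorted(area.files.items()):
            label, hits = classify(text)
            if label == "PUBLIC":
                continue
            findings.append(Finding(area.name, path, label, hits, analyze(area, label)))
    return findings


def realign_report(findings):
    """Step 4 input: deficiencies grouped by storage area, one list per owner."""
    report = {}
    for f in findings:
        for d in f.deficiencies:
            report.setdefault(f.area, set()).add(d)
    return {area: sorted(ds) for area, ds in report.items()}


# Constructed sample inventory (hypothetical names and contents, not real data).
SAMPLE_AREAS = [
    StorageArea("ehr-db-backups", True, True, {
        "backup-2009-05.txt": "Patient J. Doe MRN 00123456 DOB 04/12/1961 SSN 123-45-6789",
    }),
    StorageArea("marketing-share", False, False, {
        "newsletter.txt": "Spring wellness fair: free screenings on May 3.",
        "export.csv": "name,mrn\nJ. Doe,MRN:00123456\n",
    }),
    StorageArea("clinic-laptop-07", False, False, {
        "notes.txt": "INTERNAL USE ONLY - shift handover",
        "referral.txt": "Referral for MRN 00987654, DOB: 1/2/1975",
    }),
]

if __name__ == "__main__":
    for f in discover(SAMPLE_AREAS):
        print(f"{f.area}/{f.path}: {f.label} via {f.detectors} -> {f.deficiencies}")
    print(realign_report(discover(SAMPLE_AREAS)))
```

The point of the example is the ordering: the same MRN that is acceptable in the approved, encrypted backup set becomes two separate deficiencies the moment it turns up in a marketing export or on an unencrypted clinic laptop, which is exactly the "PHI can reside anywhere" problem the deck describes. A real discovery pass would read file systems, databases and mail stores rather than an in-memory dictionary, and its detectors would be tuned to the organization's own identifier formats.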




The Solution
Because PHI can now be stored in digital form in myriad locations, healthcare-
related organizations must intensify their efforts to know where patient-
sensitive information is located and ensure that it is protected wherever it is
stored. The aggressive promotion of HIT systems, coupled with the exponential
growth of digital storage, increases the number and severity of data breaches
and other security issues. Whether a privacy breach is caused by hackers or well-
intentioned employees, the damages and other consequences are the same. To
achieve the goals of the new legal requirements, healthcare-related
organizations will need to execute a strategic data classification program and
take a more holistic approach to information security management to better
safeguard protected health information.




Forensics Corporation
Partnering Together To:

•   Review, assess and update policies and processes.
•   Establish a Data Classification / HITECH Team.
•   Discover Data Storage areas.
•   Analyze Risk.
•   Realign Practice with Policy.
•   Leverage technology to enforce policy.
•   Provide training and good communication policies for
    employees.




Contact Us
Email: info@forensicscorp.com

Tel.: +1.480.747.1732 or
Tel.: 1.877.248.DATA (3282)

Or for more information visit us at:
www.forensicscorp.com




