Home » News » Electronic Health Records | Financial/Revenue Cycle Management | Health Information Exchange (HIE) | Privacy and Security
Receive News By Email

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

ANSI, Shared Assessments investigate PHI breaches

March 24, 2011 | Mike Miliard, Managing Editor

Related Resources

NEW YORK – A new project led by the American National Standards Institute (ANSI) and the Shared Assessments Program has been launched to explore the financial impact of unauthorized access to personal health information (PHI).

The investigation is spearheaded by ANSI, via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with the Healthcare Working Group of the Shared Assessments Program, which was created by leading financial institutions, the Big Four accounting firms, and key service providers to incorporate standardization, consistency, speed, efficiency and cost savings into the provider assessment process.

[See also: Top 5 most common gaps in healthcare data security and privacy.]

The goal for the ANSI/Shared Assessments PHI Project is to identify frameworks for determining the economic impact of any disclosure or breach of protected patient data.

The project, which got underway this past week with a meeting of its advisory committee, brings together professionals from across the industry: data security companies, identity theft protection providers and research organizations, legal experts on privacy and security, standards developers and others.

The effort will culminate in a report targeted at those responsible for and entrusted with protecting and handling PHI. It will help inform the healthcare industry in making investment decisions to protect PHI, as well as improve responsiveness if and when this patient information is breached.

“Organizations that are custodians of healthcare data are grappling with how to calculate their risk exposure when PHI is lost or stolen,” said Rick Kam, president and co-founder of Portland, Ore.-based ID Experts, who is chairing the initiative. “The ANSI/Shared Assessments PHI Project will inform their investment decisions to protect PHI and will provide guidance on how to respond if this data is compromised.”

[See also: Kroll names top 10 data security issues for 2011.]

The group plans to tackle the problem by identifying existing legal protections related to PHI, defining points of compromise in the healthcare ecosystem where there are risks of exposure and assessing the financial impacts of the disclosure of PHI. A survey is also contemplated to support the fact-finding process.

Industry experts are invited to participate in the next meeting, via a two hour conference call on April 7 from noon to 2 p.m. E.T. Interested parties can send an e-mail to idsp@ansi.org to join in the work effort. There is no fee to participate, and most of the work will take place via conference call over the next few months.

Related Topics:

Reader Comments (1)Login to Post a Comment

granmx2 says: I think this is a great idea.
March 24, 2011 | 4:42PM GMT

I think this is a great idea. Often times PHI is not given the priority that it should have. Having had the opportunity to work with personal health records and patient portals, patients are still reluctant to use the internet for personal healthcare due to the perceived issues around security. Yet, they'll do all of their personal finances and banking from a library computer. The industry needs to change this negative image and by creating groups like this, it's a first step in doing so.