Suggested Content
- 118 'Most Connected Hospitals'
- HHS gives 6 more states $181M in HIX funding
- How bipartisan is health IT?
- Survey names top five states for physician EHR adoption
- Community college training of HIT professionals questioned
- Veterans Affairs CIO Roger Baker on VLER progress
- TRICARE breach puts 4.9M military clinic, hospital patients at risk
- Beacon Communities snag more money for IT
- Stanford says subcontractor has assumed responsibility for breach
Related Resources
- Christ Hospital Case Study: Improving Operations and Ensuring the Best Possible Patient Care with ECM
- Six Ways to Protect Patient Safety
- June 5th @ 1PM ET--Get Control of Your Medical Images with a Cloud-Based Vendor-Neutral Archive
- Redefining Value and Success in Healthcare: Charting the Path to the Future
- Wi-Fi Provides Rx for Healthcare Challenges
WASHINGTON – Several healthcare groups have joined together to demand a tightening of security for protected health information. And they're making a financial case for it.
With the release of “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security,” healthcare organizations now have a new method to evaluate the “at risk” value of protected health information (PHI) that will enable them to make a business case for appropriate investments to better protect it, say the leaders of the PHI Project.
[See also: HHS names Rodriguez chief health data privacy enforcer]The group, made up of standards organization ANSI, the Santa Fe Group/Shared Assessments Program Healthcare Working Group and the Internet Security Alliance, released the report March 5 and also held a press conference at the National Press Club in Washington.
As the PHI Project leaders put it, the healthcare delivery system is founded upon trust – a trust that those receiving health information will keep it confidential and secure. This trust is now being tested as the healthcare industry moves to adopt electronic health records, access federal incentives, and facilitate better patient care. PHI is now more susceptible than ever to accidental or impermissible disclosure, loss or theft. Health care organizations (providers, payers, and business associates) are not keeping pace with the growing risks of exposure as a result of EHR adoption, the increasing number of organizations handling PHI, and the growing rewards of PHI theft.
PHI data breaches are growing in frequency and in magnitude with huge financial, legal/regulatory, operational, clinical and reputational repercussions on the breached organization, they say. The report provides CISOs, CIOs, IT security, privacy, and compliance personnel with information to help them better understand the potential risks and liabilities resulting from data breaches.
[See also: Stanford hospital breach shows danger of losing data control]Healthcare organizations reading this report can take immediate action, they say, using PHIve – the PHI Value Estimator – a five-step method for assessing security risks and evaluating the “at risk” value of an organization’s PHI. This tool estimates overall potential data breach costs, and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach occurrence.
“No organization can afford to ignore the potential consequences of a data breach,” said Rick Kam, president and co-founder of ID Experts, and chair of the PHI Project. “We assembled this working group to drive a meaningful dialogue on appropriate levels of investment to better protect healthcare organizations and PHI.”
“Healthcare is one of the most-breached industries,” said Larry Ponemon, chairman and founder, Ponemon Institute. “Healthcare providers and supporting organizations don’t currently have sufficient security and privacy budgets, including adequate processes and resources, to protect sensitive patient data. This report will help them understand what they need to do to augment their efforts.”
