Over 19 Million Affected by PHI Breaches- Are You Contributing too?

Chandra Bilugu — Tue, 24 Jan 2012 10:53:44 +0000

You may be thinking that your organization is completely shielded from security threats, and that a breach of any sort in any organization, is a rarity. But the fact is that health information breaches are no longer one-off incidents. They are much more frequent than we tend to imagine. About 385 major breaches have been reported in the last couple of years, and the number of individuals affected by these breaches has touched a new high. With the addition of the Sutter Health incident to the list, the breach tally raises over 19 million individuals since September 2009.

These figures reveal one thing for sure. Protecting patient health information is not easy- especially if there’s a lack of vigorous security monitoring and breach prevention capabilities. Proof to this is the fact that out of the 385 incidents reported, roughly 55 percent involved lost or stolen unencrypted electronic devices or media, and about 22 percent involved a business associate. In the case of Sutter Health, the breach took place even as the desktop computers were in the process of being encrypted.

Other major breaches that occurred as a result of inadequate security include:

A breach involving Accretive Health Inc., a debt collection agency, which affected 20,000 patients treated at Fairview Health Services and North Memorial Healthcare, where an unencrypted laptop was stolen from a rental car of an Accretive employee
The TRICARE breach affecting 4.9 million beneficiaries of the military health program, in which backup tapes containing electronic health records were stolen

The lessons to be learned are these:

Matters of health information security are to be given prime importance if you wish to protect your organization from breaches of any kind
Adopting efficient security policies and procedures is a must, not only to ensure regulatory compliance, but also to avert threats
A comprehensive security monitoring and management solution is a prerequisite to avoid data loss/theft

Security expert Melodi Mosley Gates is of the opinion that to prevent breaches, devices should be routinely encrypted irrespective of whether or not they contain sensitive information. This would mean that even when you have a set of policies and procedures governing data usage and transfer, your data may still not be completely protected.

In other words what you need is a dynamic solution that can take over the responsibility of monitoring and managing data security in your organization, and ensure that your data is shielded at all times. SecureGRC offers this capability. It is a completely integrated and automated solution that can guarantee information security apart from freeing you from the hassles of compliance, and security monitoring and management. So adopt SecureGRC today to ensure your organization doesn’t contribute to the growing number of breaches.

The post Over 19 Million Affected by PHI Breaches- Are You Contributing too? appeared first on Aegify.

PHI Breaches – Aegify

Over 19 Million Affected by PHI Breaches- Are You Contributing too?