Best practices from healthcare and compliance experts
Posted on 26 October 2012.
Data breaches in healthcare are raising alarm. Nearly 20 million patient health records have been compromised in the past two years, according to the U.S. Department of Health and Human Services (HHS).


The American Hospital Association brought together senior executives from healthcare, information security, compliance, and legal disciplines to discuss best practices around creating a culture of patient privacy compliance. The panel was clear in its direction: build a team and leverage an interdisciplinary incident response team.

Encrypt, encrypt, encrypt!
Kimberly B. Holmes, Esq., deputy worldwide product manager - health care, Chubb Group of Insurance Companies

"While there currently are no federal minimum standards or guidance around the quality and level of encryption that should be implemented to secure PHI, having some form of encryption applied to all PHI, and especially to PHI that is stored on mobile/portable devices, mitigates the risk of potentially serious HITECH fines/penalties when a breach occurs."

Prepare for a breach.
Cheryl A. Parham, Esq., associate general counsel, New York-Presbyterian Hospital

"Identify first responders with knowledge of your organization as well as the rules regarding notification and reporting. When a breach occurs, find out the facts first, then respond - but do it timely!"

Have a privacy and security compliance assessment carried out every year.
Doug Pollack, CIPP/US, chief strategy officer, ID Experts

"A key action for your healthcare organization to reduce your risks of being fined by the Office for Civil Rights (OCR) is to have a privacy and security compliance assessment carried out every year, and to clearly document the remedial actions that you've taken to address the most severe patient data privacy risks that were identified."

Find the gaps and close them.
Meredith Phillips, MHSA, CHC, CHPC, chief privacy officer, Henry Ford Health Systems

"When engaging with OCR, be a partner and show that you are being proactive. When we look at our programs, we see where there are some gaps and we tell OCR what we are going to do to fix the gaps and report back. We want to show that we are taking action to correct any issues."

Prevention efforts, preparation, and a well-executed response plan.
Marcy Wilder, co-chair of the Global Privacy and Information Group at Hogan Lovells

"Prevention efforts, preparation, and a well-executed response plan can go a long way toward mitigating the financial, legal and reputational harm that a security incident involving patient information can cause. Whether a breach begins with an external attack, employee malfeasance or an innocent mistake, an organization's initial response can help minimize harm to affected individuals and manage the risks to which an institution is exposed. To start, have a written post-breach response plan ready and tested before a breach happens."




