Complimentary tool for measuring organizations’ breach index

Today breach notification regulations take effect under the HITECH Act. HIPAA-covered entities, including healthcare providers and business associates, are now required to notify affected individuals, the Secretary of Health and Human Services and sometimes the media, if a patient’s unsecured protected health information (PHI) is breached.

With these new rules in place and healthcare breaches accounting for over 66 percent of all records breached this year (according to Identity Theft Resource Center), ID Experts recommends that organizations evaluate their readiness and existing safeguards and put an incident response plan in place now. To help them get started immediately, ID Experts is offering a complimentary tool called Breach HealthCheck.

Breach HealthCheck is available free-of-charge for a limited time, for organizations that are subject to the new HITECH rules. The patent-pending tool is designed to measure an organization’s business exposure and protection level. Using a mathematical model, Breach HealthCheck produces an index that measures an organization’s business risk, preparedness and protection against the growing threat of breach incidents.

The Department of Health and Human Services will begin to impose strict penalties and increased fines for violations when the breach notification rule is enforced in February 2010; however, healthcare organizations need to be in compliance with the new rules as of today.

Breach risks can be minimized by executing a well-planned response at every stage of the data breach life cycle. ID Experts’ Incident Response Plan supports organizations and their legal resources through the HHS required post-incident risk assessment to determine if the level of harm incurred is considered a breach and requires notification. Additionally, the Incident Response Plan outlines the notification process and the HHS logging and reporting of breaches.