HIPAA hiccups
Not a month goes by when there isn’t an announcement of a breach of electronic health records thereby disclosing personal and financial data; and that excludes breaches that are not publicly acknowledged. In a recent report from the American National Standards Institute (ANSI), 18 million Americans have had their personal health information stolen over the past two years.
So one has to ask: considering the financial and legal implications of a breach of health records, why don’t organizations deploy security solutions to protect electronic health records? Answers often offered by CIOs are (1)ROI – show me the ROI on an investment in security solutions. Does it lower my cost of doing business? Does it bring me new customers? (2) Compliance / HIPAA? “Yawn… is there a way around this regulation? Can we give the compliance auditors, the minimum they need at the lowest cost, so we can get on with business?”
“Mr/Ms CIO, I would like to introduce you to our CFO, he/she will educate you on the costs of doing business in today’s electronic age…”
The costs of a breach can be quantified as:
- Financial: notifying affected individuals and increased insurance premiums.
- Reputation: loss of current patients and difficult attracting future patients.
- Operations: cost of training staff to prevent future breaches.
- Legal: fines, penalties and lawsuits.
- Clinical: fraudulent medicaid and insurance claims that may be submitted from the stolen data;inaccurate diagnoses because data is missing from the electronic health record system.
Take the cost of a breach and turn that into the cost of an investment – the cost of an investment in security software solutions that lower the probability of a breach occurring. (In layman terms: the cost of a burglar alarm or barbed wire fence that will make it more difficult for thieves steal your jewels). For electronic health record data stored in the cloud, software security solutions should include firewalls, intrusion detection/prevention systems and data encryption so that even if the data is stolen, it is useless to the thief.
Spotlight
Cloud Computing
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
- Desktop virtualization can enhance security performance
- Cybersecurity cooperation becoming military necessity
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- FBI trying to train financial execs on cyber threats
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet
The comments are closed.