Health Care Data Breach Risk
Health care organizations rank among the top industries that have suffered data breaches over time. According to the Data Privacy Clearinghouse, more than 25 million health-related records were breached between 2005 and the middle of 2013 via 973 separate, reportable incidents.
In 2003, the Health Insurance Portability and Accountability Act (HIPAA) increased compliance standards related to the protection of Personally Identifiable Information (PII). Data stewards should be aware of the many administrative, physical and technical requirements for securing sensitive information. HIPAA defines 18 different types of Personal Health Information (PHI) that must be protected, ranging from names, address details and social security numbers to e-mail addresses, medical beneficiary numbers and even full-face patient photographs, among other identifiers. Because of new penalties introduced through the HITECH Act (provisions, allowances, requirements and more related to HIPAA), protecting electronic Personal Health Information in non-production environments is critical.
Compliance requires protection against any reasonably anticipated threats to the security or integrity of electronic Personal Health Information. Any breaches that include 500+ records must be reported to the individuals affected, the media and the U.S. Department of Health and Human Services.
DataVantage® Software Solutions:
- Maintain policies to address information security and to prevent data breaches.
- Mask and de-identify required customer Personally Identifiable Information (PII) and private corporate information.
- Generate automated, realistic-looking datasets for use in application development, testing, training and CRM development.
- Restrict data access on a need-to-know basis.
- Track and monitor access to PII via audit trails and help identify who has accessed sensitive data.
Resources:
- Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to Student Health Records (PDF)
- The impact of HIPAA and HITECH on healthcare data governance.
- The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security