Post on 10-Aug-2020
HIE DATA BREACH THREAT AND PREVENTION
Rick Kam – President/Co-Founder
April 5, 2011
SESSION OBJECTIVES
» Better understanding of the risks associated with protecting patient information
» “Take Away” one or two best practices to prevent data breaches
AGENDA
» Emerging business risk
» Causes of “data breaches”
» Best practices in protecting patient information
EMERGING BUSINESS RISK
» Electronic health records and HIE implementation
» 52% of large hospitals last year had a data breach incident*
» Over 250,000 medical identity theft cases** exceeding $600 million in fraud*** in 2008
* HIMSS Analytics, November 2009: Evaluating HITECH’s Impact on Healthcare Privacy and Security
** FTC Website
*** World Privacy Forum
HITECH ACT RAISES COMPLIANCE BAR
» Stringent new breach notification law
• Increased penalties range from $25K to $1.5M
• 12-month audit compliance requirement
• All forms of “unsecured” PHI including paper
• 60 day notification requirement
• New guidelines for letter content and address verification
• Maintain and report log of breaches to HHS
• Breaches over 500 records require posting to “prominent media outlets” and trigger an OCR investigation
2010 BENCHMARK STUDY BY PONEMON INSTITUTE
Benchmark sampling response                                      Freq.
Total healthcare organizations contacts made                     457
Total healthcare organizations recruited                         99
Total healthcare organizations participating                     67
Total healthcare organizations providing incomplete responses    2
Final benchmark sample                                           65
NATURE OF THE DATA LOSS
HOW BREACH WAS DISCOVERED
IMPACT OF THE BREACH
LIFETIME ECONOMIC VALUE OF A LOST PATIENT
ECONOMIC IMPACT OF A BREACH
PROCESS FOR PREVENTING BREACHES
BEST PRACTICES
» Protecting patient information
• Prevention
• Preparedness
• Remediation
• Compliance
BREACH BEST PRACTICES PREVENTION
» Assess data breach risks
• Security/privacy
• Focus on people/processes
• Adopt data loss prevention and encryption technologies
BREACH BEST PRACTICES PREPAREDNESS
» Data breach incidents are a way of life in healthcare, be prepared:
• Comprehensive incident response plan (IRP)
• Retain breach remediation partner
• Obtain HITECH-compliant Incident Risk Assessment tool
• Data breach or cyber liability insurance
BREACH BEST PRACTICES REMEDIATION
» Key to positive outcome is handling every stage of a response properly:
• Incident risk assessment
• Formal patient notification
• Patient monitoring/protection offering
• Identity theft restoration
BREACH BEST PRACTICES COMPLIANCE
» Ensure compliance with HITECH and state laws
• HITECH mandates patient, HHS and media notification
• State laws have their own mandates for patients in their jurisdiction
• Typically state Attorneys General also require notification
• ALL are required
QUESTIONS
» Rick Kam
» PH: 971-242-4705
» Email: rick.kam@idexpertscorp.com