ANSI, Shared Assessments to study financial impact of patient data breaches

30 March 2011

The American National Standards Institute (ANSI) and the Shared Assessments Program have launched a study examining the financial impact of patient data breaches.

The groups are examining the problem by identifying existing legal protections related to protected health information (PHI), defining weaknesses in the healthcare system where there are risks of exposure, and assessing the financial impacts of PHI disclosure.

“There seems to be a hole [in the research] about the impact when protected health information is disclosed in an unauthorized fashion”, said Rick Kam, president of ID Experts and chair of the ANSI/Shared Assessments PHI Project, which is coordinating the research effort.

This research is being driven by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, as well as the Threshold of Harm, under which organizations that have data breaches are required to conduct a risk assessment of the reputational, financial, and medical harm caused by the breach, Kam told Infosecurity.

“One of the missing links in the research is what is the actual impact to an individual whose protected health information has been disclosed. One of the key differentials of this process is to look at the issue from an individual perspective”, he said.

“If there is no clearly defined financial impact from breaches, it is much more difficult to put together a business case to protect it in the first place”, he added.

The ANSI/Shared Assessments PHI Project got underway this month with a meeting of its advisory committee. The initiative brings together professionals from across the industry: data security companies, identity theft protection providers and research organizations, legal experts on privacy and security, standards developers, and others.

“Many of these people are in the trenches of privacy and information security and are in standards committees, such as NIST [National Institute of Standards and Technology]. We are going to ask these experts whether they have seen cases where the breach of protected health information has actually caused some form of damage”, Kam said.

This effort will culminate in a report targeted at those responsible for and entrusted with protecting and handling PHI. The report will help inform the healthcare industry in making investment decisions to protect PHI, as well as improve responsiveness if and when patient information is breached.

The project is also considering conducting a consumer survey, in cooperation with the Ponemon Institute, about the financial impact of patient data breaches. “We are exploring several avenues to test what protected health information and what combinations actually cause reputational, financial, medical, or other harms to consumers”, Kam said.
 
