Healthcare organizations today possess and manage a tremendous amount of sensitive information. From Personal Health Information (PHI) and Electronic Health Records (EHR) to patient financial data, healthcare organizations are responsible for securing these critical data assets from accidental loss or intentional data breaches.
Negative publicity from a data breach can have lasting consequences, undermining patient confidence and damaging an organization's reputation. In addition, as the Obama administration continues to push forward in its effort to modernize the nation's health care system by making all health records digital, government regulations are being produced and refined to require health care organizations to implement comprehensive security systems to protect patients’ sensitive data.
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, got healthcare organizations to start thinking about protecting patients' sensitive data; however, it had weak enforcement and minimal penalties. With the introduction of the American Recovery and Reinvestment Act of 2009 (ARRA), any organization that possesses PHI faces much more stringent data security, privacy, and breach notification policies, and the consequences for not complying are significant. Personal health information stored with non-HIPAA entities (e.g. business associates) is now protected.
This paper covers some areas of potential data breach within healthcare organizations and ways to prevent them. Read on to learn more about the steps you can take to protect patients' sensitive information.