Study to Yield Breach Prevention TipsReport Will Assess Breach Costs, Suggest Prevention Priorities
Preventing breaches is a serious challenge in healthcare, as illustrated by the HHS Office for Civil Rights' list of major healthcare information breaches that have occurred since September 2009. The list now includes nearly 250 incidents affecting more than 8 million individuals. The HITECH Act's breach notification rule mandated the reporting of breaches to OCR.
Participation in the new ANSI/Shared Assessments PHI Project is open to security professionals, legal experts and others. The group will investigate the financial impact of breaches involving unauthorized access to protected health information. "Organizations that are custodians of healthcare data are grappling with how to calculate their risk exposure when PHI is lost or stolen," says Rick Cam, president of ID Experts, who is chairing the initiative.
The group's report will include tips on making breach-prevention investment decisions as well as improving responsiveness after a breach incident.
A conference call will be held April 7 to explain the effort. For information on the call, or to volunteer for the project, send an e-mail to firstname.lastname@example.org.
ANSI is a not-for-profit standards-setting body. Its work, for example, has included standards for electronic healthcare claims formats. The Shared Assessments Program, formed by financial institutions, accounting firms and others, focuses on service provider assessments. It offers tools that service providers can use to evaluate their privacy and security controls. The program is managed by the Santa Fe Group.