Study to Yield Breach Prevention Tips

Report Will Assess Breach Costs, Suggest Prevention Priorities
Study to Yield Breach Prevention Tips
The American National Standards Institute is teaming up with the Shared Assessments Program to create a report offering healthcare information breach prevention tips.

Preventing breaches is a serious challenge in healthcare, as illustrated by the HHS Office for Civil Rights' list of major healthcare information breaches that have occurred since September 2009. The list now includes nearly 250 incidents affecting more than 8 million individuals. The HITECH Act's breach notification rule mandated the reporting of breaches to OCR.

Participation in the new ANSI/Shared Assessments PHI Project is open to security professionals, legal experts and others. The group will investigate the financial impact of breaches involving unauthorized access to protected health information. "Organizations that are custodians of healthcare data are grappling with how to calculate their risk exposure when PHI is lost or stolen," says Rick Cam, president of ID Experts, who is chairing the initiative.

The group's report will include tips on making breach-prevention investment decisions as well as improving responsiveness after a breach incident.

A conference call will be held April 7 to explain the effort. For information on the call, or to volunteer for the project, send an e-mail to idsp@ansi.org.

ANSI is a not-for-profit standards-setting body. Its work, for example, has included standards for electronic healthcare claims formats. The Shared Assessments Program, formed by financial institutions, accounting firms and others, focuses on service provider assessments. It offers tools that service providers can use to evaluate their privacy and security controls. The program is managed by the Santa Fe Group.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network