Study to Yield Breach Prevention Tips

Report Will Assess Breach Costs, Suggest Prevention Priorities
Study to Yield Breach Prevention Tips
The American National Standards Institute is teaming up with the Shared Assessments Program to create a report offering healthcare information breach prevention tips.

Preventing breaches is a serious challenge in healthcare, as illustrated by the HHS Office for Civil Rights' list of major healthcare information breaches that have occurred since September 2009. The list now includes nearly 250 incidents affecting more than 8 million individuals. The HITECH Act's breach notification rule mandated the reporting of breaches to OCR.

Participation in the new ANSI/Shared Assessments PHI Project is open to security professionals, legal experts and others. The group will investigate the financial impact of breaches involving unauthorized access to protected health information. "Organizations that are custodians of healthcare data are grappling with how to calculate their risk exposure when PHI is lost or stolen," says Rick Cam, president of ID Experts, who is chairing the initiative.

The group's report will include tips on making breach-prevention investment decisions as well as improving responsiveness after a breach incident.

A conference call will be held April 7 to explain the effort. For information on the call, or to volunteer for the project, send an e-mail to

ANSI is a not-for-profit standards-setting body. Its work, for example, has included standards for electronic healthcare claims formats. The Shared Assessments Program, formed by financial institutions, accounting firms and others, focuses on service provider assessments. It offers tools that service providers can use to evaluate their privacy and security controls. The program is managed by the Santa Fe Group.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.