The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced a new HIPAA settlement with a small health care provider, which reinforces the importance of securing electronic protected health information (ePHI) on the endpoint.
When talking about the healthcare industry, we tend to lump all sectors together. While the data security regulations do not differentiate between subsections in the healthcare industry, there are different risks, challenges, and levels of preparedness amongst the sectors. According to new research out of Crown Records Management, the pharmaceutical sector is woefully under-prepared for current and future data security challenges.
We are more than halfway into 2015, with enough time now to assess the impact data breaches have had on organizations this year. The reports so far indicate a growth in targeted attacks, and continued attacks on the healthcare industry.
Government officials in the UK have been facing ongoing backlash over their ability to protect citizen information following a string of data breaches over the past few years. Most recently, East Sussex NHS Trust came under fire for misplacing a memory stick containing the personal data of 3,000 of its patients. The ICO has levied more than £5 million worth of civil monetary penalties against the public sector, with these fines set to increase with the finalization of the EU General Data Protection Regulation (EU GDPR), which will come into effect in 2017.
The American Health Information Management Association (AHIMA) recently released a framework of Information Governance Principles for Healthcare (IGPHC). The goal of this resource is to set up a framework to identify risks and areas for improvement.
Although it’s true that the healthcare industry is facing more targeted cyber attacks, these attacks are not necessarily more sophisticated. Most healthcare organizations, particularly hospitals, are leaving many “doors” open due to a lack of proper cyber security defences.
The fallout of major data breaches in the past two years has sent a clear message: the responsibility for data breaches is being laid on the board of directors and C-level employees. Having a strong IT security team, led by a strong CISO, is not only key to an effective security policy: studies have shown that an effective CISO and a well-run information security program can also save an organization almost 10% in total revenue from a decreased risk of data loss and theft.
Absolute today announced the launch of Absolute DDS for Healthcare, a new offering tailored specifically to serve its healthcare customers. Absolute DDS (formerly Absolute Computrace) for Healthcare includes added support that helps customers determine healthcare compliance and regulatory exposure in the event of a data breach.