It is not difficult to understand why there is a current focus on data security. Target had 70 million records compromised along with 40 million cards. They are facing 100+ lawsuits and numerous investigations by the AG and FTC. HIPAA breaches have impacted more than 31 million individuals resulting in class action suits and government investigations.
The OCR (Office of Civil Rights) is becoming more active. They have settled 19 suits since 2011 totaling $22,546.500. These numbers will likely pale in comparison to the next 12 months.
What does the OCR look for? A few of the identified problems include: failure to conduct a Risk Analysis in response to a new environment; portable devices; and workforce numbers.
Employees need to be trained and trained on an on-going basis. Appropriate sanctions need to be applied. Security measures need to be installed to monitor unauthorized access such as workforce members repeatedly snooping on patients.
Portable devices need encryption and security measures. Policies and procedures are needed which address incident identification, reporting and response. Access to unauthorized users needs to be restricted.
Find us on Facebook and LinkedIn