The document discusses security issues related to protecting personal health information and financial records. It notes that the US Department of Health and Human Services investigated over 6,700 cases of potential privacy violations in 2008 and outlines penalties paid by healthcare providers for HIPAA violations. The author advises implementing a risk management process to avoid negative publicity and outlines key security activities such as encrypting data, testing incident response plans, and moving toward security standards to protect sensitive information.
Healthcamp
1. FREDERICK SCHOLL, Ph.D., CISSP, CISM, CHP MONARCH INFORMATION NETWORKS, INC. [email_address] MAY 30, 2009
2. MONARCH INFORMATION NETWORKS, INC. INDEPENDENT CONSULTANT 1991-PRESENT ADVISE TRUSTED BUSINESSES ON HOW TO PROTECT THEIR INFORMATION CLIENTS SCHERING-PLOUGH QUEST DIAGNOSTICS NISSAN AMERICAS
4. HIPAA ENFORCEMENT SECURITY RULE: CMS 10 AUDITS IN 2008/PWC 6 CURRENTLY IN 2009/QISS SECURITY RULE: OIG 8 AUDITS OF HOSPITALS 2008 19 HIGH IMPACT VULNERABILITIES/HOSPITAL PRIVACY RULE: HHS/OCR 6746 INVESTIGATED RESOLUTIONS 2008 PROVIDENCE HEALTH (05-06): $100K CVS (2008): $2.25M
5. HIPAA ENFORCEMENT UNDER ARRA/HITECH BREACH NOTIFICATION RULE-9/17/2009 FEDERAL MEDICAL RECORD NOTIFICATION RULE (CA,AR) IF MORE THAN 500 RECORDS POST TO HHS NOTIFY PROMINENT MEDIA OUTLETS 261 MILLION RECORDS OF ALL TYPES BREACHED (05-09, WWW.PRIVACYRIGHTS.ORG)
6. FINANCIAL RECORDS SECURITY BREACH CHOICEPOINT: -12% MARKET VALUE 2004-2005 $20m FTC FINES NOW PART OF REED ELSEVIER HEARTLAND: -39% MARKET VALUE 2008-2009 CLASS ACTION LAWSUIT IN PROGRESS
7. HOW TO AVOID HIPAA PUBLICITY IMPLEMENT RISK MANAGEMENT PROCESS KEY SECURITY PROBLEMS TO AVOID OIG ASSESSMENT RESULTS
9. KEY SECURITY ACTIVITIES BUSINESS ALIGNMENT APPLICATION DEVELOPMENT INFRASTRUCTURE OPERATIONS FOLLOW NIST 800-66 CHECKLISTS DEVELOP AND TEST INCIDENT RESPONSE PROCESS ENCRYPT PHI AT REST AND IN TRANSIT REVIEW DATA DESTRUCTION PROCESS