In case you missed some of the top news this month here is our digest of the top headlines with commentary from our team. Please enter start a discussion in the comment section below- we’d love to hear your thoughts!
In this Wall Street Journal article, Drew Harris, director of health policy at Thomas Jefferson University’s School of Population Health in Philadelphia, raises some interesting observations about the future role of data within health care.
In particular, he issues a stern warning about organizations’ responsibility to protect this data, saying that they must “ensure health data systems are unhackable and data-use rules are strictly enforced,” and demands that “punishment for violations must be as severe as the potential damage.” His final point is an important one, stressing that if data is not carefully guarded that “no one will trust data-driven population health and the benefit of sharing will be lost.” This underpinning our position that the protection of PHI is less about compliance and more about patient care.
As forensic analysis of this huge incident continues, this article highlights 3 key take-homes from the latest details surrounding this data breach:
- An employee unwittingly caused the breach. “the criminals got in through… phishing which has tricked the employees into unknowingly revealing a password or downloading a Trojan with a keylogger software.”
- The final breach was the end result of an ongoing, deliberate attempt to access their data. “It is clear that Anthem is the victim of an Advanced Persistent Threat, because the evidence shows they have been under sustained attacks for a long period of time.”
- Cyber criminals have been quick to leverage the public exposure of the breach through phishing scams, although Anthem has been quick to respond that “There is no indication that the scam email campaigns are being conducted by those that committed the cyberattack, or that the information accessed in the attack is being used by the scammers.”
A nice, practical guide from HealthIT.gov. At over 60 pages long, the PDF is in no way a cheatsheet, but covers key topics in enough depth to be comprehensive without alienating “beginners” to the subject of compliance with the HIPAA-HITECH Rules and general information security risk management programs. (If HIPAA 101 is your level of familiarity with this subject area, I recommend registering for up upcoming FREE educational track here.)
The guide also includes some interesting and timely sidebars about subjects such as texting patients, employees and mobile devices, and the increasing threat from cybercriminals.
This Bloomberg article takes a look at the results of a recent Ponemon Institute Survey that shows the staggering cost of cyber attacks on a struggling health care industry.
We will be publishing our own commentary and infographic next week on that study. To hear when that is published, fill out the form below.
Other top news:
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.