Health Care and HIPAA – Is Enforcement Turning the Tide?
Enforcement (think fines) associated with the Health Insurance Portability and Accountability Act (HIPAA) appears to be on the rise. The University of Idaho recently incurred a fine of $400K for turning off a firewall for some unknown reason for a period of ten months. Wellpoint paid out a whopping $1.7M for inadvertently providing access to over 600K patients’ information via an online database.
Several years ago, fines were targeted at stolen laptops, thumb drives, information left in an unlocked car, or thrown in a dumpster. Is the tide changing? In both these instances, the organization had full control of their destiny yet failed to ensure the most basic safeguards were in place.
Although both of these instances leave you shaking your head, ask yourself: how many potential cyber security breaches, how much confidential content, and how much information that can and will be held against you in eDiscovery already exist in your organization? Most organizations, health care or not, wait until it’s too late to find out.
Although several security applications can and do identify the likes of a social security number, we recommend a complementary approach: the organization defines its own confidential content in terms of descriptors, phrases, and keywords; that content is identified as it is ingested or created; and matching content is automatically routed to a secure repository for disposition.
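The following is an added example (not code from the original post or from its author) of the ingest-time classification and routing just described. It combines pattern checks for structured identifiers such as a social security number with a dictionary of organizationally defined phrases, then routes any document that produces a finding to a "secure" repository and everything else to a "general" one. The phrase dictionary, the labels, the MRN format and the sample documents are constructed for illustration and are not from the post.

```python
import re
from dataclasses import dataclass

# Organizationally defined descriptors, phrases and keywords, each mapped to a
# classification label. Constructed for this example; a real deployment would
# load these from a maintained policy file.
CONFIDENTIAL_PHRASES = {
    "patient record": "PHI",
    "diagnosis": "PHI",
    "medical record number": "PHI",
    "attorney-client privileged": "LEGAL",
    "do not distribute": "INTERNAL",
}

# Structured identifiers of the kind off-the-shelf scanners already catch.
# The SSN pattern rejects area numbers 000, 666 and 9xx, group 00 and serial 0000,
# which are never issued, to cut false positives on other dashed numbers.
# The MRN format is an assumption for this example.
PATTERNS = {
    "SSN": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.IGNORECASE),
}


@dataclass
class Document:
    name: str
    text: str


@dataclass
class Finding:
    kind: str    # "phrase" or "pattern"
    label: str   # classification label, e.g. PHI, LEGAL, SSN
    match: str   # the phrase or the matched text


def classify(doc: Document) -> list:
    """Return every confidential-content finding in a document."""
    findings = []
    lowered = doc.text.lower()
    for phrase, label in CONFIDENTIAL_PHRASES.items():
        if phrase in lowered:
            findings.append(Finding("phrase", label, phrase))
    for label, pattern in PATTERNS.items():
        for m in pattern.finditer(doc.text):
            findings.append(Finding("pattern", label, m.group(0)))
    return findings


def route(doc: Document, findings: list, repositories: dict) -> str:
    """Place the document in the secure repository if anything was found."""
    dest = "secure" if findings else "general"
    repositories.setdefault(dest, []).append(doc.name)
    return dest


def ingest(docs: list) -> tuple:
    """Classify and route each document; return repositories and a per-document report."""
    repositories = {}
    report = {}
    for doc in docs:
        findings = classify(doc)
        dest = route(doc, findings, repositories)
        report[doc.name] = (dest, sorted({f.label for f in findings}))
    return repositories, report


# Constructed sample input: one clinical note, one harmless memo, one legal memo.
SAMPLE_DOCS = [
    Document("intake.txt",
             "Patient record for J. Doe, MRN: 00123456, SSN 123-45-6789, diagnosis pending."),
    Document("memo.txt",
             "Cafeteria menu for next week. Call ext. 555-0100 with questions."),
    Document("legal.txt",
             "This memo is attorney-client privileged. Do not distribute."),
]

if __name__ == "__main__":
    repos, report = ingest(SAMPLE_DOCS)
    for name, (dest, labels) in report.items():
        print(f"{name}: routed to {dest}, labels={labels}")
    print(repos)
```

The point of the design is that the phrase dictionary is owned by the organization rather than by the scanning product: adding a new descriptor is a policy change, not a code change, and every match is recorded with its label so the secure repository can apply the right disposition rule later.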
People will always make mistakes; it is an inextricable part of being human. But when organizations make mistakes, the world is not so forgiving. $1.7M is quite a bit to ‘pay’ for human error.