Patient data has become the ‘top-dog’ in network security. With HIPAA regulations in place and now being actively enforced, more and more companies find themselves paying through the nose for minor incidents that would not have gotten a second glace a few years ago.
The Insurance Journal reported on July 8th, 2010 that HealthNet, a California based heath insurance company, agreed to pay the State of Connecticut $250,000 for losing a harddrive containing patient data.
HealthNet lost the drive back in May of 2009 but did not tell customers until November of 2009.
In addition to the fine, HealthNet agreed to provide free credit monitoring to customers and to work with state regulators to improve security.
All this despite the fact that there is no evidence of the data being used.
To make maters worse, this same harddrive also contained patient data for customers in New York, New Jersey and Arizona. No word on the settlements from those other states.
More info: http://www.insurancejournal.com/news/east/2010/07/08/111405.htm
While HIPAA is used to punish data breaches, it is almost useless in helping practices PREVENT problems.
Installing encrypted harddrives in workstations would have prevented this particular problem. But unless you have a real IT partner helping manage your network (and your risk) you are just rolling the dice.
There has been a ton of focus on HIPAA and medical data but there are regulations covering ALL personal data. This extends the emphasis on network security from Medical and Dental practices to Insurnace Agencies, Law Firms and Accounting Practices.
All these professions regularly handle personal and private information that, if compromosed, would cause a nasty PR nightmare.
Good Networking!
Eric Hobbs
Technology Associates
ehobbs@technologyassociates.net
919-459-0109 – Direct
Things to Think About…
- Network Security is no longer a ‘nice-to-have’ With hefty monitary fines (and ailing state coffers eager to find funds) you can bet your bottom dollar there will be lot’s more fines imposed.
- It is not just patient data If you company keeps ANY confidential customer information, you must safeguard it properly.
- Hardware encryption secures data at the source Encrypting the data on the harddrive itself will go a long ways towards ensuring that accidental data losses can be properly addressed.
