The second annual benchmark study by the Ponemon Institute finds that the frequency of data breaches among the healthcare organizations surveyed has increased by 32 percent, with hospitals and healthcare providers averaging four data breaches each.
According to Rick Kam at ID Experts, healthcare organizations can minimize their data breach risks with three basic steps:
Take an inventory of PHI/PII
An inventory provides a complete accounting of every element of personally identifiable information (PII) and PHI that an organization holds, whether in paper or electronic form. It shows how the organization collects, uses, stores and disposes of its PHI. A PHI inventory exposes where the data breach risks lie, so the organization can protect PHI strategically and plan its breach response on the basis of real information rather than assumptions.
Develop an Incident Response Plan (IRP)
An IRP is an effective, cost-efficient way for an organization to meet HIPAA and HITECH requirements and to set out guidelines for handling data breach incidents. The IRP designates roles and defines the response team's responsibilities and the actions it takes.
Review contracts and agreements with business associates
Business associates are a growing cause of data breaches. The contracts between healthcare organizations and their business associates authorize and define how the business associates may use the PHI that healthcare providers share with them. Keeping these contracts up to date demonstrates compliance to regulators and helps keep PHI handled consistently across the healthcare ecosystem.