Posts Tagged ‘regulation’

Is your hospital ready for EMR?

June 23rd, 2011

Electronic medical records are the future, and the government is encouraging their adoption through the HITECH Act. InfoSecurity.com has analysis of the first phase of HITECH:

Phase I implementation (2011–2014) provides a graduated series of financial incentives to physicians and hospitals. At the same time, certain information security measures must be implemented along with the expanded use of electronic health records and information exchanges.

For healthcare facilities, these security measures include implementation of access control; data integrity; emergency management; encryption of data at rest, in motion, and removable media; identity proofing; log analysis and management; and system timeout.

Healthcare organizations are advised to use an encryption algorithm that meets FIPS 197 standards or better.  It’s important to ask your vendor about their encryption certifications, as not all password-protected devices are truly secure.

Data Security, Healthcare

States strengthen data breach laws

May 10th, 2011

State legislatures around the country continue to enact stronger and stronger data breach laws to protect their citizens against unlawful use of personal information.  The two latest actions are in California and Massachusetts.  See the Workplace Privacy Report to learn more about the new bills.

Massachusetts already has one of the toughest data security laws.  Most other states have regulations that require public notification of data breaches and allow for civil or criminal penalties.  Many, but not all of them, provide safe harbor from penalties if the data was properly encrypted.

Data Security

Kanguru Supplies Maryland Law Firm with Secure Flash Drives

March 15th, 2011

Kanguru’s encrypted flash drives and remote management console have applications across a variety of industries. Kanguru has been involved in flash drive standardization at organizations spanning the government, healthcare, and financial industries, to name a few.

One such partnership we are pleased to announce involves a prestigious, top-ten Maryland law firm. Kanguru’s secure flash drives and remote management software were chosen to help keep the firm’s confidential data safe and secure and to help it meet regulations relating to data security and privacy. The security features built into the Kanguru Defender V2 help prevent data leaks and costly penalties for non-compliance with data breach regulations.

Kanguru’s high-level security features include 256-bit AES hardware encryption, onboard anti-virus, and remote management with KRMC Cloud. These features, coupled with an attractive price point, earned Kanguru a key spot within the firm’s overall security program.

Data Security

HIPAA Fines Underscore Need for Securing Data

February 11th, 2011

The loss of an unencrypted portable hard drive containing private health information has proven extremely costly and time consuming for Health Net, Inc., and Health Net of the Northeast, Inc.

The health insurance company is now being fined $55,000 by the State of Vermont and must also submit to a data-security audit and file reports with the State regarding the company’s information security programs for the next two years.

“The lawsuit is Vermont’s first enforcement action under the Security Breach Notice Act and the second HIPAA enforcement action of its kind since state attorneys general were given HIPAA enforcement authority in 2009.”

Read more at Infosec Island.

Data Security, Healthcare

The cost of security compliance

February 2nd, 2011

Which is more costly to a business?  Spending the money to become compliant with federally mandated security regulations or remaining noncompliant? 

A recent study by the Ponemon Institute compared the cost of complying with state and federal security regulations vs. the cost of potential business disruption, productivity loss, revenue loss, and fines.   Read more about it here.

Data Security

HITECH Act not reducing Data Breach costs

November 10th, 2010

Data breaches that expose confidential medical data are costing healthcare providers $6 Billion a year.  SC Magazine reports on a new study by the Ponemon Institute and the results are not good.

The top three causes of breaches were unintentional employee action, lost or stolen computing devices and third-party accidents. The average number of lost or stolen records per breach was 1,769.

The survey found that breaches have cost the U.S. health care system $12 billion over the past two years. The economic impact of a data breach was approximately $2 million per organization over a two-year period.

Expect the number of records per breach to increase as portable devices continue to grow in capacity and shrink in price. Employees may have good intentions when they take the entire database home with them, but data breaches often result when a car is broken into or a thumb drive slips out of a pocket. Healthcare organizations need a policy for securing USB devices, and it needs to be enforced automatically.

Data Security, Healthcare, Portable Storage

CT Teachers Board discloses lost flash drive

July 13th, 2010

The Connecticut State Teachers Retirement Board notified teachers last week that it’s missing a USB flash drive containing personal data.  Fortunately, proper security procedures appear to have been in place and the data on the device was encrypted.

“We have numerous controls in place so that financial transactions are properly authorized and executed and have enhanced our internal procedures over the physical control of flash drives,” according to the letter, which was signed by Darlene Perez, administrator of the retirement board.

In Connecticut, data breach notifications are required under General Statute 36a-701(b).  This law only applies to data that “has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable”.

Does your state have a data breach notification law?

Data Security

Top 10 Data Breaches Of 2010 (So Far)

July 8th, 2010

Courtesy of CRN.

A number of these incidents involve laptops or USB hard drives.  The rule of thumb should be:  If it’s portable, it’s easy to steal.

Data Security

Flexible pricing for Non-Profits

June 30th, 2010

While Non-Profits may operate under budget constraints, they still require high-end technology solutions to meet their information security requirements.  Kanguru is now offering discounted pricing on Defender and Defender Pro secure USB flash drives for Educational and other Non-Profit institutions.

Many Non-Profits handle and store sensitive information on clients, patients, students and employees.  These organizations may be subject to State Data Breach Laws, HIPAA or the Family Educational Rights and Privacy Act (FERPA).  The Kanguru Defender product line is designed to be a simple, cost effective solution for securing portable data and complying with applicable regulations.  Contact Kanguru or your preferred Reseller for information on discounted pricing.

Data Security, Portable Storage

Hospitals fined for weak data protection

June 14th, 2010

The California Department of Public Health has fined five hospitals for failing to prevent unauthorized access to patients’ medical information.

CDPH assessed the penalties under new California legislation intended to protect the confidentiality of medical records. Under the law, an administrative penalty of $25,000 may be assessed against a medical facility for the breach of each patient’s medical information. A penalty of up to $17,500 is added for each subsequent breach of each patient’s medical information.

Penalties are also increasing at the Federal level thanks to last year’s HITECH Act.  Enforcement of the new legislation started earlier this year.

Data Security