Strengthening HIPAA, the HITECH Act calls for greater protection of sensitive personal health data. Passed as part of the American Recovery and Reinvestment Act of 2009, the HITECH Privacy Rule sets the standard that PHI should be rendered “unusable, unreadable, or indecipherable to unauthorized users.”
Under the HITECH Act’s breach notification rule, if a breach of unsecured PHI occurs, covered entities and their business associates are required to provide notification of the breach to affected individuals and the HHS Secretary. If a breach affects 500 individuals or more, the breach is published on the OCR breach list and media outlets serving the affected individuals’ state or jurisdiction must be notified.
“It is fair to say that this breach notification provision has been the HITECH change that has had the most extensive impact on the health care industry to date,” said Kirk Nahra, a partner with Wiley Rein LLP in Washington. “Large and small breaches are being reported by the thousands. Many of these notices are leading to litigation, widespread publicity, and extensive cost.”
HITECH Compliance Solution
Recently, Alaska settled a case for 1.7M, Sutter Health was hit with a $1 billion suit, UCLA with 865K, and AvMed was sued over one of the largest breaches in history. More are being announced every day. There are theories about the surge in enforcement: first, that it reflects the excessively litigious nature of our society, and second, that fines related to breaches are used to pad the cash-strapped budgets of agencies or states. Organizations should be able to demonstrate that they know their data, its location and its sensitivity, and that they have defined and monitor the users who have access to it. The next step is to use technology to monitor the data and its movement within the approved user list, and to create stopgaps for leakage activities. BorderLAN can help identify this data and its movement to non-approved locations (USB, CD-ROM, iPhone, email, laptop, iPad and much more).
Neglect, whether knowing or unknowing, costs organizations in fines, lost customers and additional legislation. Self-auditing and employee training are wonderful but fall short of the technical protection required to reduce the risk of a violation. With dozens of ways for data to leak, pinpoint defenses or training alone are useless. BorderLAN Network Security provides various solutions that intelligently look at data in motion, fingerprint what is known to be confidential, prevent its exit and can even prevent similar types of data from leaking. We supply simple-to-use software for smaller or midsize organizations, all the way up to appliances to defend the enterprise.