Risk
2/20/2013
12:34 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

6 Tips To Overcome PHI Security Obstacles

Industry experts presenting at the PHI Protection forum offer six tips

PORTLAND, Ore. - February 20, 2013 - Healthcare organizations' privacy programs are still understaffed and underfunded, even while millions of patients' protected health information (PHI) are compromised.

Securing PHI in healthcare is an obstacle, with 94% of healthcare organizations suffering data breaches in the past two years, according to the Third Annual Benchmark Study on Patient Privacy & Data Security. Organizations face new challenges with the recent release of the HIPAA Final Omnibus Rule. At the upcoming forum, Turning PHI Security Into a Competitive Advantage, to be held March

12-13 in Boston, organizations will learn how to build, present, and defend a business case for PHI security. More than 20 industry experts will outline steps to protect against the organizational and financial repercussions of data breaches.

"The chaos in the healthcare ecosystem puts organizations in paralysis," said Catherine A. Allen, chairman and CEO, The Santa Fe Group and one of the workshop presenters. "In this time of uncertainty, it is doubly critical that healthcare organizations mount effective PHI security programs to avoid costly breaches that could damage their reputations, their financial stability, and their ability to compete effectively in a changing market."

How to Combat PHI Security Obstacles

For those responsible for managing privacy and data security at healthcare organizations, industry experts presenting at the PHI Protection forum, offer six tips to overcome PHI security obstacles:

1. We don't do privacy because of HIPAA; we do it because it's part of

quality patient care. Make sure we get value for our investment in privacy.

Jim Anderson, principal, Risk Masters, Inc.

2. Invest in your people. Train them on policies and procedures. Post

and send security reminders. Reward compliance; sanction non-compliance. Make your people an asset, not a liability.

Mary Chaput, chief financial and compliance officer, Clearwater Compliance, LLC

3. An essential risk management exercise for your privacy program is

to protect PHI. Be sure you know where PHI is being collected, used, shared, and transferred and how and when PHI is securely destroyed.

Map your data, classify it, and then securely dispose of it on schedule to lower the risks and costs of excess storage.

Ellen Giblin, privacy counsel, The Ashcroft Group

4. Understand the value of the PHI in your organization in order to

determine the appropriate level of investment to protect it. A core goal of the forum is to help participants calculate these values.

Rick Kam, president and co-founder of ID Experts

5. With liability risks around PHI privacy escalating, business

associates and subcontractors should consider purchasing cyber insurance to help mitigate the rising financial risk.

James C. Pyles, principal, Powers Pyles Sutter & Verville PC

6. Develop a clear concept of how PHI protection will work. Recognize

that a change in organizational culture may have to take place.

Develop a written statement of benefits. Set reasonable goals.

Dick Wolfe, adjunct professor of health care administration, Washington Adventist University "Investing in PHI protection is a smart use of limited resources,"

said Dick Wolfe, adjunct professor of health care administration, Washington Adventist University. "A successful effort can safeguard the organization's financial resources, its reputation, and earn the respect of accrediting and compliance agencies."

PHI Protection Forum: March 12-13

The forum Turning PHI Security Into a Competitive Advantage, sponsored by the PHI Protection Network (PPN), will held March 12-13, 2013, in Cambridge, Massachusetts. Visit www.phiprotection.org or http://phiprotection.org/ for program details and registration information.

About PHI Protection Network (PPN)

PPN is an interactive network of PHI protectors and solutions providers. This cross-industry group was formed to help expedite the adoption of PHI best practice. Many members contributed to the report The Financial Impact of Breached Protected Health

Information: A Business Case for Enhanced PHI Security-calling for enhanced security to safeguard protected health information--issued in March 2012 with the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Shared Assessments Program, and the Internet Security Alliance (ISA).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.