The American National Standards Institute (ANSI) and the Shared Assessments Program this week launched a study to investigate the costs associated with healthcare patient data breaches and the impact of those breaches on the victims.

ANSI, via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), is working with the Shared Assessments Program and its Healthcare Working Group to explore the financial impact of unauthorized personal health information (PHI) access. The goal of the "ANSI/Shared Assessments PHI Project" is to identify frameworks for determining the economic impact of any disclosure or breach of protected patient data.

The ANSI/Shared Assessments PHI Project, which met for the first time a week ago, brings together professionals from across the industry: data security companies, identity theft protection providers and research organizations, legal experts on privacy and security, standards developers, and others.

The initiative will culminate in a report targeted at those responsible for and entrusted with protecting and handling PHI. "The report will help inform the healthcare industry in making investment decisions to protect PHI, as well as improve responsiveness if and when this patient information is breached," the founders say.

The group says it plans to tackle the problem by identifying existing legal protections related to PHI, defining points of compromise in the healthcare ecosystem where there are risks of exposure, and assessing the financial impacts of the disclosure of PHI. Industry experts are invited to participate in the next meeting via a two-hour conference call on April 7 from 12 p.m. to 2 p.m. EDT. Interested parties can send an email to [email protected] to join in the work effort. There is no fee to participate, and most of the work will take place via conference calls during the next few months.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.