The time and money spent protecting personal health information from data breaches are well worth the investment, contends a new industry security report.
The 67-page report, "The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security," includes a five-step method that health care organizations can use to assess security risks and build a case for improving security. The report, released Monday, was prepared by the nonprofit American National Standards Institute with the Shared Assessments Program and the Internet Security Alliance.
The five steps are:
- Conduct an assessment determining the risks, vulnerabilities and applicable safeguards for each PHI home, or place in the IT system where personal health information rests.
- Determine a security readiness score for each PHI home based on the likelihood of a data breach.
- For each unacceptable security readiness score, examine the likelihood of a particular cost factor being applicable and apply a relevance factor.
- Use the formula "relevance x consequence = impact," with impact representing the adjusted cost.
- Add the adjusted costs to determine the total adjusted cost of a data breach.
