
Deborah Leyva

Well stated, Jim. The stakes are now much higher with respect to enforcement of civil and criminal penalties. Thanks for sharing your perspectives.

Jim Nocero

Conn. Attorney General Sues Health Net Over Data Security Breach
Real problems that needed real solutions:
Many of you may have heard of the recent landmark case of this large healthcare provider who had breached patient secure information laws. http://bit.ly/65fOka
What makes this case so special is that this lawsuit marks the first time a state attorney general has sued over HIPAA violations. The health IT provisions of the 2009 federal economic stimulus package authorized state attorneys general to enforce the HIPAA privacy and security rules.
Could the above breach have been prevented? Of course, and to be frank, I have witnessed this type of violation with several companies on a first-hand basis in my 13 years as an IT risk management operations manager. Can we expect more of these cases? I believe we are all in agreement on this one: unfortunately, yes. One of the most difficult problems for a CEO/business owner and their officers will be fully comprehending how easily this type of breach can occur and, in the case above, how devastating the costs can be. The next misunderstanding is the steps involved in preventing and combating them prior to receiving the call from the Attorney General's office.
And finally, but not least, during development of their information protection risk management programs, many do not discuss their developments in detail with their protection advisors. This I have found to be true for many reasons, for the most part business executives and owners not knowing what their current insurance broker can bring to the table, if anything.
Your protection advisor should be capable of understanding the new laws, your corporate environment and its operations at the local, campus or enterprise level. They must understand the technology you utilize and how this technology is implemented across your operations. Coordination between your CFO, CIO, HR and management teams is crucial to the success of your risk management plan, including the availability of proven audit, training and program tool sets. And finally, they must have the proper insurance carriers that offer the protection class your operations demand in a module and packaged policy program. In addition, their risk management and support services must be state of the art to ensure the broadest and most comprehensive coverages available. I expect this from my carriers and so should you.
If you have any doubts about the ability of your risk management and protection plans, you need to contact me immediately for your free review. You have everything to gain in calling and, as we have seen above, much to lose if you set this warning aside.
Jim Nocero
