
Deborah Leyva

Peggy, your questions are indeed valid.

Part of the solution is for provider facilities to educate clinicians on the impact of lost or stolen PHI in order to raise awareness and possibly prevent loss of PHI from happening in the first place. Documentation and education should provide guidance and should be tracked for compliance. It should also be noted that documentation of policies, procedures, and protocols for handling PHI should also address required steps when PHI is, in fact, lost or stolen or breached.

Analogous to hurricane preparedness, it is important to know how to implement the appropriate chain of events that begin when a breach is suspected.

For specific requirements related to technical specifications required by HITECH and the Security Rule, visit http://www.hipaasurvivalguide.com/hipaa-survival-guide-16.php

Peggy Lasoff

With regard to your recent blog, “Cost of a Data Breach”, I feel it raises many red flags. As the healthcare industry moves towards technology, how are the indirect costs going to be factored in?
One concern I was thinking of specifically involves the Personal Digital Assistants (PDAs). More healthcare employees are utilizing these devices that are subject to being stolen or lost due to their small size. What are the legal ramifications to the employee who has their device stolen or lost? Will the employee be protected by their employer, or their own private insurance? Are employees being trained in the knowledge needed of their responsibilities for protecting patient information?
Although much has been written regarding hackers in large corporations, what will the cost be to smaller organizations to ensure the protection of their data and the employees?
Peggy Lasoff RNC
