Monday, January 6, 2014

FTC: 20 Years Monitoring Required in Patient Data Breach

A medical billing company has agreed to a settlement with the US Federal Trade Commission (FTC) related to a 2011 data breach that affected 23,000 patients.

Although there is no monetary penalty, the settlement requires 20 years of security program evaluation by a certified third party. The company has agreed to implement a number of steps to protect the patient data it handles: in addition to employee training programs, it must establish risk assessment, prevention, and detection programs to protect data from breaches. For the risk of data breaches by insiders, or by those posing as insiders, proactive detection is available as a low-cost, on-demand SaaS analytics service.

"...settlement is an important reminder that the [HHS] Office for Civil Rights is not the only game in town when it comes to enforcement of health information privacy and security."
- Adam Greene, Privacy Attorney, Davis Wright Tremaine.
The FTC can initiate health data breach investigations, or do so based on referrals by agencies such as the Department of Health and Human Services (HHS). "The FTC commonly issues breach investigation settlements that include corrective actions aimed at having organizations better protect consumer's personal information," says Allison Lefrak, FTC attorney.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Accretive Health Breach: FTC Settlement - www.GovInfoSecurity.com, 01/02/2014


Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.
