The Financial Impact of Breached Protected Health Information

Wednesday, March 07, 2012

Marjorie Morgan

The Internet Security Alliance (ISA), in conjunction with the American National Standards Institute (ANSI), has released a new report titled The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.

The report explores the reputational, financial, legal, operational, and clinical repercussions of a protected health information (PHI) breach on an organization, and provides a 5-step method, the PHI Value Estimator (PHIve), to assess specific security risks and build a business case for enhanced PHI security.

This tool estimates the overall potential costs of a data breach to an organization, and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach. A detailed example of costing a PHI breach using the PHIve method is provided in the report.

The report also offers information about:

  • the stakeholders involved in the health care ecosystem;
  • the evolution of laws, rules and regulations designed to protect PHI;
  • the causes and increasing number of data breaches;
  • the most common threats and vulnerabilities to the security of PHI;
  • safeguards and controls that organizations can put in place to mitigate the risk of a breach; and
  • current industry practices and attitudes for protecting PHI, based on a survey.

The report is available for download at no cost from ANSI.

The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership. The ISA represents enterprises from the aviation, banking, communications, defense, education, financial services, insurance, manufacturing, security, and technology industries. ISA’s mission is to integrate advanced technology with the realistic business needs of its members and enlightened public policy to create a sustained system of cyber security. www.isalliance.org

The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standards and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. http://www.ansi.org
