Protecting confidential patient data
By Simon Thorpe on Sep 17, 2008
A recent article in the Teesdale Mercury reports, unfortunately, another instance of patient data falling into the wrongs hands. The press is constantly reporting issues of confidential patient information being hacked, lost, stolen, misused. This highlights a common problem within the healthcare industry, the requirement to share sensitive information about patients and practices of the organization whilst trying to comply with regulations which require process and technology is in place to secure such information. Unfortunately incidents like this are all too common, the Data Loss DB also makes it very easy to look across the healthcare vertical and see who has been losing information, how much was lost, when and how.
Worse still, the healthcare sector is full of regulation. One of the most important in the U.S.A. is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). A major component of HIPAA addresses the privacy of individuals’ health information by establishing a nation-wide federal standard concerning the privacy of health information and how it can be used and disclosed.
Essentially, a HIPAA covered entity cannot use or disclose protected health information for any purpose other than treatment, payment, or health care operations without either the authorization of the individual or under an exception in the HIPAA regulations.
IRM is an excellent technology to solve the problem of securing any content covered by the HIPAA act. Not only does it ensure only the right people have access to the right patient data, but as each and every secure document is accessed an audit record is generated. Allowing the organization the ability to present reports which prove all efforts have been taken to secure confidential patient information.