Low Tech Data Security Measures Essential To Hitech Compliance
With the February 17 deadline looming, Kroll Fraud Solutions releases white paper outlining key steps to HITECH compliance.
Nashville, TN (PRWEB) December 1, 2009
As the February 17 deadline for the Health Information Technology for Economic and Clinical Health Act (HITECH) approaches, data security and identity theft protection services provider Kroll Fraud Solutions (http://www. krollfraudsolutions. com/) today released the white paper, "Low Tech is the Path to HITECH (http://www. krollfraudsolutions. com/understanding-id-theft/lowtech-white-paper. aspx)," which outlines important steps healthcare organizations should take to comply with the new requirements. According to Kroll, technology alone won't ensure data security; all cyber measures must be combined with low tech approaches, including employee training in data handling. For a comprehensive approach to compliance, companies must focus on data use, storage and access; employee training and communication, evaluation of third-party security measures, and comprehensive incident response planning.
HITECH, part of the American Recovery and Reinvestment Act of 2009, expands current federal privacy and security protections for healthcare and patient data. It requires that covered entities notify patients if a data breach exposes their Protected Health Information (PHI) to unauthorized persons and mandates notification to affected individuals within 60 days of breach discovery.
"In preparation for HITECH compliance, it's important that healthcare organizations put policies and procedures in place to protect PHI and Personal Identifying Information (PII) against data breaches and identity theft," said Brian Lapidus, Chief Operating Officer. "Technology is a key part of protecting patient data, but too often we see organizations focus solely on cyber security measures, while patient data is walking out the front door. At Kroll, we believe a comprehensive approach that includes both high-level and low-level technology measures is vital to protecting patient data."
As organizations examine their data security measures for compliance, Kroll encourages organizations to take the following steps, all of which are detailed in "Low Tech is the Path to HITECH":
Know your data: Understand the what, where, and when of the data housed within the organization, and then determine how and why it is accessed, used or transported. Know your employees: Recognize that hiring best practices are an important component in security, as is training and communication. Know your partner: Assess the importance of performing due diligence with third party vendors and making them aware of their responsibilities in keeping patient data safe. Know your response plan: Examine the steps needed to actively prepare, respond and prevent (or minimize) the risk of a reoccurrence through a comprehensive and tested data breach response plan.
"Low Tech is the Path to HITECH" examines key issues in the life cycle of healthcare data. It explores the nature of healthcare data (where it resides and how it's lost), data privacy and security post-breach, the role of employees in data security, the cost of third-party breaches, and how to prepare for, respond to, and safeguard against a breach.
Visit Kroll's Web site for more information or to download the full "Low Tech is the Path to HITECH (http://www. krollfraudsolutions. com/understanding-id-theft/lowtech-white-paper. aspx)" report.
About Kroll:
Kroll, the world's leading risk consulting company, provides a broad range of investigative, intelligence, financial, security and technology services to help clients reduce risks, solve problems and capitalize on opportunities. Kroll Inc. is a wholly owned subsidiary of Marsh & McLennan Companies, Inc. (NYSE: MMC), the global professional services firm. Kroll began providing identity theft solutions in 1999 and created its Fraud Solutions practice in 2002 in response to increasing requests from clients for counsel and services associated with the loss of sensitive personal information, and related identity protection and restoration issues facing organizations and individuals. Since then, Kroll's Fraud Solutions clients have included Fortune 500 companies, non-profit organizations, and government entities dealing with healthcare, financial services, insurance, consumer service, and any activity involving the collection and use of personal information. Kroll's Fraud Solutions team presently serves over 10,000 businesses and millions of individual consumers. For more information, visit: krollfraudsolutions. com (http://www. krollfraudsolutions. com/).
###
