We’ve been hearing a lot lately about different types of data security breaches. Several questions arise when the topic is discussed. What does it all mean?
How is it possible to break into some of the most data- secured places in our society. Out of most factors involving breaches, three stick out the most. How HIPAA can Affect the Process, the Level of security violated, and the Post-Incident and where the stolen information goes.
HIPAA, a term heavily used in health care, software companies or Medias is an acronym for Health Insurance Portability and Accountability Act. It was established in 1996. Under this act among others, protected health information such as patient’s names, addresses, phone numbers, social security numbers, health care proxies, and medical information itself is safely stored and managed.
The HIPAA administration unit makes sure regulations and metrics are enforced. It should also ensure sensitive data is properly encrypted on both on hardware or software, cloud storage, email security. HIPPA is also generally responsible for keeping information confidential under a law of US government.
There are 3 types of breaches; electronic, paper or word of mouth.
- Electronic breach – This can be a stolen laptop, flash drive, unencrypted email with confidential information or email sent to the wrong patient.
- Paper breach – fax sent to wrong address or person, or document carrying protected information which failed to be shredded.
- Word of mouth – includes any situation when a person not authorized for the information either hears it or is told to
In any of these situations, employees of health care institutions (which are most likely to deal with a severe breach) are obligated and encouraged to call the 24/7 hot line (if recognized) to report this incidence. Health care institutions, especially the bigger ones, have formed special offices specialized on breach management such as Risk Management that needs to be contacted instead.
Steps to take if under data breach
Stay calm. Call hot line and/or risk management office and do not tell anyone, including the person whose information is at risk of a breach; leave that to professionals to avoid more harm. Knowing how to store protected information appropriately and distribute information to authorized people only, became more important than ever. Failure to do so or even unintended violation is at minimum costly and harmful to the name of your company.
Learn How to Apply Enterprise Content Management to your existing Security configuration.
If you’re looking for answers or want to let us know how we did, we’ll help you resolve your issues quickly.