I've Been Mugged Blog

On Monday, the PHI Project released a report about the state of data security within health care organizations titled, "The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security." Key findings:

• Weak Data Security: health care organizations are entrusted with safeguarding patient privacy, but their security efforts are not keeping pace with the growing risks of lost/stolen protected health information (PHI),
• Data Breach Activity: the number and size of data breaches including PHI are increasing. The negative impacts are financial, legal, clinical, and reputational for the organizations experiencing data breaches,
• The PHI Project recommends that health care organizations implement a five-step method – PHI Value Estimator (PHIve) -- to evaluate the risks of a breach of PHI data, and implement preventative measures.

According to Rick Kam, president and co-founder of ID Experts and chair of the PHI Project:

“No organization can afford to ignore the potential consequences of a data breach... We assembled this working group to drive a meaningful dialogue on appropriate levels of investment to better protect healthcare organizations and PHI.”

The PHI Project is a partnership including the American National Standards Institute (ANSI) via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA) -- with assistance from ID Experts.