At the end of December, Health IT Security published the article, ‘How Technical Safeguards Prevent Healthcare Data Breaches’ by Sara Heath. The article discusses the importance of healthcare organizations using technology to safeguard health data. HIPAA, Heath writes, has flexible technical safeguard requirements intended to cater to each individual practice. The three suggestions they have for protecting healthcare organizations involve:
- Protection against hacking. HIPAA outlines a handful of suggested procedures that can be adopted at varying intensities by different organizations. They also emphasize the usefulness of audits to benchmark these practices and procedures.
- Protection against phishing scams. HIPAA offers guidelines as to what to look for since the number of these scams continue to grow.
- Encryption of health devices. Even the article noted that there are limitations with encryption.
These are very prescriptive steps to take when it comes to safeguarding against data breaches – but one step not included here is de-identification. Safeguarding PHI is an exercise in risk management – by sharing and storing PHI, the legal, financial and reputational risks rise exponentially. Properly de-identified data means that the identifiers that could re-identify individuals in the data would be generalized, suppressed or removed to protect patient privacy. HIPAA de-identification guidelines stipulate that any time health data is being shared for a purpose outside treatment of the patient, that data should be de-identified first. When a risk-based approach is applied, there is no individually identifiable information. And without information that re-identifies patients, immediately or indirectly, it’s not PHI as defined by HIPAA. This is supported by the NIH, “De-identified health information, as described in the Privacy Rule, is not PHI, and thus is not protected by the Privacy Rule.” Something to consider when dealing with data breach precautions.
For more on data breaches, make sure to check out our infographic.
The post Safeguarding Against Data Breaches appeared first on Privacy Analytics.