For those in the healthcare industry, there are many regulations about data security and breach notification you must follow. One of the most important is Section 13402(e)(4) of the HITECH Act. It requires that if a breach occurs and affects more than 500 individuals, the Secretary of Health and Human Services must publish it.
You can actually see the list of published “major breaches” that have occurred since this new provision was enacted here, and it is a sometimes scary reminder of how important a good data security and media sanitization policy is. It’s not just a matter of securing the private information of your patients and partners and upholding your end of that agreement. It’s about good business.
This website acts as a sort of “wall of shame” that anyone can find and look at, seeing if your practice or organization has had a major lapse in security so bad that it exposed more than 500 people to risk. That’s a big deal, and it’s something you want to avoid ever happening (or happening again if you’ve been unlucky enough to get on this list once).
What We Can Learn from the Breach List
I’ve written at length about the importance of media sanitization and how effective planning and ongoing procedures can ensure you never have this kind of problem. Just look at the location of breached info for some of the worst offenders on this list.
Of those whose breaches affected 1 million or more individuals, 4 out of 7 were caused by lost or stolen backup media. Backup tapes, hard drives, and other media were stolen or lost from major state-wide or city-wide organizations, and it affected hundreds of thousands of people.
A good media sanitization process would have ensured those tapes and hard drives were properly processed and disposed of before they were ever at risk of being lost or stolen, all while ensuring the security of existing and new information in that organization. Now those organizations must not only find a way to create a new security plan that will prevent such a breach from ever happening again, but they must also deal with the fallout of being listed on the HHS website.
Avoiding the Wall of Shame and Shoring Up Security
The bottom line is that smart security is proactive. It ensures that all information is properly handled, scheduled for sanitization when necessary, and thoroughly destroyed. The size of an organization can certainly create a challenge, but with resources available in the form of document and media destruction companies like Strongbox, it is possible to make your systems as breach-resistant as possible.
If any of this applies to you, or you are worried about an out-of-date breach-management system and would like to discuss your best options with a professional for establishing a system that will protect you and your patients in the future, contact Strongbox. We can work with you to create and manage a system that will help avoid such breaches and keep your organization running smoothly in the future.