Yes, I work for GE Healthcare
Congressional Briefing: The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security
Co-hosted by Congressman Edward J. Markey (D-MA) and Congressman Joe Barton (R-TX), Co-Chairs of the Congressional Bipartisan Privacy Caucus.
Health care organizations are entrusted with safeguarding patient privacy and protected health information (PHI), but their security efforts are not keeping pace with the growing risks of exposure of PHI as a result of electronic health record (EHR) adoption, the number of organizations handling PHI, and the growing rewards of PHI theft. In order to sustain delivery of quality health care and ensure patient safety, the health care industry and its service providers require adequate processes and resources to protect PHI.
The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security provides health care organizations a 5-step method – PHIve (PHI Value Estimator) to assess specific security risks and build a business case for enhanced PHI security. This tool estimates the overall potential costs of a data breach to an organization, and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach. Armed with the information contained in this free report, organizations operating in the health care sector can take immediate action to commit the resources needed to head off the potentially devastating consequences of a PHI data breach.
§ Joe Bhatia, President and CEO, American National Standards Institute
§ Catherine Allen, Chairman and CEO, The Santa Fe Group
§ Larry Clinton, President and CEO, Internet Security Alliance
§ Rick Kam, President and Co-Founder, ID Experts, Chairman of the PHI Project
§ James C. Pyles, Principal, Powers Pyles Sutter & Verville PC
§ Lynda Martel, Director, Privacy Compliance Communications, DriveSavers Data Recovery
§ Mary Chaput, CFO and Chief Compliance Officer, Clearwater Compliance LLC
Monday, March 5, 2012, 12:30 p.m. – 1:30 p.m.
A simple brown-bag lunch will be served.
Rayburn House Office Building, Room Rayburn B-340
Independence Avenue and South Capitol Street
Washington, DC, 20003
Launches on March 5, 2012, at 10:00 a.m.: webstore.ansi.org/phi
The event is open to members of Congress and their staff as well as all interested members of the press. RSVP to email@example.com.
Complimentary copies of the report and an accompanying media kit will be available at the congressional briefing.
Background: One of the key goals of the Federal Health Information Technology Strategic Plan is to inspire confidence and trust in health IT and electronic health information exchange by protecting the confidentiality, integrity, and availability of health information. ONC’s Office of the Chief Privacy Officer (OCPO), along with the HHS Office for Civil Rights (OCR), recently launched a privacy and security mobile device project. The project builds on the existing HHS HIPAA Security Rule - Remote Use Guidance and is designed to identify privacy and security good practices for mobile devices. The identified provider use case scenarios and good practices to address those scenarios will be communicated in plain, practical, and easy to understand language for use by health care providers, professionals, and other entities.
Roundtable Purpose: To gather public, industry, and subject matter expert input that will help inform the development of an effective and practical way to bring awareness and understanding to those in the clinical sector regarding securing and protecting health information while using mobile devices.
Roundtable Objectives:My overall my answer is, that mobile devices are not different than any other. Mobile Devices are just more likely to get lost or stolen (for pawn). It is this increased likelihood (of known risks) that needs to be considered. Thus good application design keeps sensitive information off of the device. Since this is a USA domain, it is quite easy to point at NIST who have excellent guidelines on this topic:
- Address the current privacy and security legal framework for mobile devices accessing, storing and/or transmitting health information;
- Discuss real world usage of mobile devices by providers and other health care delivery professionals to understand their expectations, attitudes, challenges and needs;
- Gather input regarding the information (and format) providers and other health care delivery professionals want and need to help them safeguard health information on their mobile devices; and
- Gather input on existing and emerging privacy and security good practices, strategies and technologies for safeguarding data on mobile devices.