What's the Cost of Breaches?
A new program will create a framework for helping organizations determine the economic effect of a disclosure or breach of protected health information.
The American National Standards Institute and the Shared Assessments Program have formed the "ANSI/Shared Assessments PHI Project." ANSI is a standards development organization serving multiple industries; it is well known in health care for the administrative/financial transactions known as the HIPAA transaction sets.
The Shared Assessments Program is a multi-industry collaborative that has developed a methodology for evaluating outsourced vendor controls for security, privacy and business continuity. ANSI and Shared Assessments formed an advisory committee, which met in recent days to kick off the PHI project. Committee members represent data security companies, identity theft protection services and researchers, standards developers, and legal experts on privacy and security, among others.
Rick Kam, president of ID Experts, a Beaverton, Ore.-based data breach prevention and remediation firm, serves as chairman. "Organizations that are custodians of health care data are grappling with how to calculate their risk exposure when PHI is lost or stolen," Kam said in a statement announcing the initiative. "The ANSI/Shared Assessments PHI Project will inform their investment decisions to protect PHI and will provide guidance on how to respond if this data is compromised."
Specific focus areas of the initiative include identifying existing legal protections applying to PHI, defining points of compromise where there are risks of exposure, and assessing the financial effects of disclosure of PHI. The project also may include an industry survey.
Interested parties are welcome to participate in the work, starting with a two-hour conference call on April 7 at noon Eastern Time. Most of the project's work will occur via conference calls during the next few months. For more information, contact firstname.lastname@example.org.