“This case is especially troubling because it was so preventable,” said AlertSec CEO Ebba Blitz. “HIPAA regulations have long since outlined basic provisions to keep data secure. Data must be encrypted. There is no excuse.”
With another large health data breach being announced this week, it is essential that covered entities of all sizes understand the intricacies of PHI security. However, there is an important distinction in types of data that healthcare organizations keep on hand.
Covered entities need to be able to determine if a HIPAA data breach has taken place following the potential exposure of sensitive data. The implementation of the HIPAA Omnibus Rule slightly changed this process, in that there were new determining factors for assessing exactly what constitutes a data breach.
Security is always a top concern, but the stakes are particularly high in the healthcare industry.