Healthy Data Blog


Prevent PHI from Falling into the Wrong Hands

Posted by David Rasmussen on Jul 21, 2016 1:30:00 PM

The British are coming! The British are coming!

This isn't a blog post about the Battles of Lexington and Concord and Paul Revere’s famous quote… but the topic is just as important as that fateful night.

The British, Chinese, Iranians, Russians, eastern Europeans—and probably the US government too—are all coming to a database near you.  They are systematically gathering data about all of us.  No bit of data is too small because it could be a critical piece of the puzzle that connects all of the seemingly unimportant information they’ve already collected on you.  Imagine creating a digital picture of you, one pixel at a time.  Get it?  No wait, they’ve got it.

As defined by US law and HHS.gov, protected health information (PHI) includes any information about health status, provision of health care, or payment for health care that is collected or created by a covered entity and can be linked to a certain individual. (Source: U.S. Department of Health & Human Services)

A breach of PHI can bring expensive litigation, large fines, and a damaged reputation. The most common cause of a PHI breach is theft or loss of unencrypted portable computing devices and digital media (laptops, tablets, mobile, USB drives, CDs). (Source: Clear Data, Information Security)

We are all in an arms race.  Every time you strengthen your data defenses the thieves think of new ways to penetrate them.  One of the best defenses against a PHI breach: strong common sense.

Don’t use PHI if you don’t have to.  And don’t store/save it if you don’t need to.  If the PHI isn’t out in the world of Big Data, it can’t be stolen.

Lesson #1
Think Medical Research PHI

Let’s assume you need to save dozens of files of important documents and records (e.g., medical records), and let’s also assume they contain bits of sensitive information that are superfluous.  Consider deleting or redacting just the sensitive information.

Generally speaking, medical researchers don’t need the patient’s name.  If patient names and social security numbers are removed, they can’t be stolen, and their exclusion doesn’t necessarily lessen the document’s value.

If you don’t need it or use it, get rid of it.
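As an added illustration (not part of the original post, and not the author's product), here is a small Python sketch of Lesson #1: drop the name and SSN fields from a record, mask the same values where they reappear in free text, and check the result before it leaves your hands. The field names and the sample record are constructed for the example, and the SSN pattern is an assumption that will also mask other nine-digit numbers.

```python
import re

# Assumed field names for a constructed record layout; real schemas differ.
DIRECT_IDENTIFIERS = {"patient_name", "ssn"}

# Nine digits written as 123-45-6789, 123 45 6789 or 123456789, and not
# embedded in a longer digit run (so 10-digit phone numbers are left alone).
SSN_RE = re.compile(r"(?<!\d)\d{3}[- ]?\d{2}[- ]?\d{4}(?!\d)")

def redact_text(text, names=()):
    """Mask SSN-shaped numbers and the given patient names in free text."""
    text = SSN_RE.sub("[REDACTED-SSN]", text)
    for name in names:
        # Full name first, then each part, so "Ms. Doe" is caught too.
        for part in [name] + name.split():
            pattern = r"\b" + re.escape(part) + r"\b"
            text = re.sub(pattern, "[REDACTED-NAME]", text, flags=re.IGNORECASE)
    return text

def redact_record(record):
    """Return a research copy: identifier fields dropped, free text masked."""
    names = [record["patient_name"]] if record.get("patient_name") else []
    clean = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue  # never copy the field at all
        clean[key] = redact_text(value, names) if isinstance(value, str) else value
    return clean

def leftover_fields(clean, names):
    """Final check before release: fields still holding an SSN or a name."""
    return [k for k, v in clean.items() if isinstance(v, str) and (
        SSN_RE.search(v) or any(n.lower() in v.lower() for n in names))]

# Constructed sample record (not real patient data).
SAMPLE = {
    "patient_name": "Jane Doe",
    "ssn": "123-45-6789",
    "age": 54,
    "diagnosis": "Type 2 diabetes",
    "notes": "Jane Doe (SSN 123 45 6789) reports improved glucose control. "
             "Ms. Doe to return in 3 months.",
}

if __name__ == "__main__":
    print(redact_record(SAMPLE))
```

The clinical content (age, diagnosis, the substance of the note) survives, which is the point of the lesson: the identifiers were never needed for the research use.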

 

Lesson #2
Encryption When PHI is in Motion

Just this last week, we received a hard drive with a large number of documents.  These documents were sent to us by our client because we provide redaction services.  The drive was not encrypted, and worse, the drive was first sent to the wrong address.  Think about it… unprotected sensitive documents sent to the wrong address.  Mistakes happen, but this human error would have been mitigated if the drive had been encrypted.

Take time to secure documents in transit.

 

 

There are too many ways for a breach of PHI to happen. Our job is to eliminate these possibilities with automated redaction services. For more information on our product and services, schedule a brief call with us by clicking the link below.

 

 

 

 

   
