SYS-CON MEDIA Authors: Stacy Gorkoff, Yung Chou, Bob Gourley, RealWire News Distribution, Paul Miller

Related Topics: Cloud Expo, SOA & WOA, Virtualization, Web 2.0, Apache, Security

Cloud Expo: Article

Healthcare Provider Pays a Steep Price for Patient Data Privacy Breach

Healthcare organizations can protect patient information in the cloud
By Gerry Grealish
Article Rating:
September 22, 2012 01:00 PM EDT
Reads:
 2,636

By Gerry Grealish
PerspecSys Vice President of Marketing & Products

Earlier this week, the Massachusetts Eye and Ear Infirmary and Massachusetts Ear and Eye, Inc. (MEEI) agreed to pay a hefty $1.5 million settlement to the U.S. Department of Health & Human Services for alleged HIPAA violations. According to MEEI, a personal laptop that contained unencrypted electronic protected health information (ePHI) was stolen, exposing a large amount of personal, clinical, and patient prescription data.

The government's investigation found that MEEI failed to take steps necessary to comply with several HIPAA Security Rule requirements regarding data protection, and that the failures occurred over an extended period of time. And while this healthcare data breach involved a laptop, data security risks like this extend to larger "secure" IT environments as well. Just take a look at the largest healthcare data breaches in the last few years, and you'll see that intrusions have taken place not only on portable devices, but on enterprise servers, client-server systems, centralized back-up systems, and cloud implementations.

Healthcare organizations must take notice. With the growing use of electronic medical records (EMRs), security risks are becoming much more widespread, and healthcare is one of the most susceptible industries. According to the Identity Theft Research Center, so far in 2012, more than 27 percent of reported data breaches have been in the medical/healthcare industry.

As shown by the MEEI case, government regulators are becoming a lot more aggressive about imposing monetary penalties for non-compliance. But practical solutions do exist - key among them are data encryption and tokenization systems for cloud applications and cloud storage. As we have proven with Inland Empire Health Plan, a cloud data security solution that incorporates encryption and/or tokenization can help healthcare IT and compliance managers tackle this critical (and potentially costly) data protection challenge.

By rendering ePHI undecipherable, and therefore unusable, when it's outside an enterprise firewall, healthcare organizations can protect patient information in the cloud, comply with regulations, and stay out of headline news with reports of image-damaging security breaches.

Read the original blog entry…

PerspecSys Inc. is a leading provider of cloud data security and SaaS security solutions that remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. Based in Toronto, PerspecSys Inc. is a privately held company backed by investors that include Intel Capital and GrowthWorks.

Published September 22, 2012 – Reads 2,636
Copyright © 2012 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.