The Identity Theft Prevention and Identity Management Standards Panel of the American National Standards Institute (ANSI) has published a 67-page report about the need for healthcare organizations to protect patient information from data breaches.
The report, "Financial Impact of Breached Health Information," discusses the financial, legal, operational, clinical, and other repercussions of a protected health information (PHI) breach within a healthcare organization. It covers the stakeholders involved; the evolution of laws, rules, and regulations designed to protect PHI; the causes of data breaches; the most common threats and vulnerabilities; and safeguards and controls that organizations can implement to mitigate risk.
The report also offers a five-step method for an organization to assess its risk level for such a breach. The PHI Value Estimator (PHIve tool) estimates the overall potential costs of a data breach for an organization, and it provides a methodology for determining an appropriate level of investment to reduce the probability of a breach.
The report was also developed by the Internet Security Alliance (ISA) and the Santa Fe Group/Shared Assessments Program Healthcare Working Group.