Health IT Pulse

Jun 17 2011   11:17AM GMT

Lessons learned from abroad: PHI encryption is essential

AnneSteciw

data breaches
HIPAA Privacy Rule
PHI encryption

If a health care organization can be fined $4.3 million over an incident involving a mere 41 patient records, imagine what the penalty might be for a health care data breach involving 8.63 million patient records. London Health Programmes (LHP), a medical research organization based at the NHS North Central London health authority, waited three weeks before reporting the loss of twenty laptops, one of which contained the unencrypted health information of 8.63 million people. It is still unknown whether the laptops were stolen or misplaced.

The incident underscores the importance of using PHI encryption and establishing solid data loss prevention policies. Hardware that’s at high risk of loss or theft — such as laptops, thumb drives or corporate smart phones — should be at the top of the list for data encryption.

“When a machine contains highly sensitive information on literally millions of patients, not securing the data on it by any means possible isn’t just careless: it’s sheer negligence,” said Chris McIntosh, chief executive of ViaSat UK (formerly Stonewood).

Though the London organization does not have to comply with the Privacy Rule in the Health Insurance Portability and Accountability Act, also known as the HIPAA Privacy Rule, it could be fined for violating the U.K.’s Data Protection Act.

Here in the U.S., PHI encryption gives hospitals a safe harbor, as the loss of encrypted data does not constitute a data breach under the HITECH Act. But encryption is only one means of data loss prevention: Health care organizations would be wise to take additional steps to avoid a health care data breach.

1  Comment on this Post

  • Jenny Laurello
    Lessons from abroad: U.K. health org's data breach affecting 8M shows PHI encryption is key #HealthIT #EHR #EMR
