Cibecs

Data backup & recovery blog

The Global Cyber Security headache.

By Brandon | March 19, 2012 @ 11:35 am

Healthcare CIOs and CSOs must improve security.

According to Wikipedia, “there were 380 major data breaches in the United States in 2011, involving 500 or more patients’ records listed on the website kept by the United States Department of Health and Human Services (HHS) Office for Civil Rights.

So far there have been 18,059,831 “individuals affected,” and even that massive number is an under-count of the breach problem.”

Over $17 Million: The cost of Data Loss and HIPAA Violation for Blue Cross Blue Shield

By Natasha | March 15, 2012 @ 1:26 pm

HIPAA Violation and Data Loss results in $1.5M Fine for Blue Cross Blue Shield – and Massive Related Costs

The recent $1.5 million penalty that BlueCross BlueShield must pay to the federal government is a harsh warning to the healthcare and insurance industries to ensure effective data protection.

The Real Costs and Penalties of HIPAA Non-Compliance

 
The fine, however, is not the only expense of this data loss incident. Since the data was lost in 2009, the company has spent around $17 million on investigation, analysis, notification and improved data protection efforts. This is a clear indication of the cost of HIPAA non-compliance and of how severe the associated costs of data loss are.

The data loss was investigated by the U.S. Department of Health and Human Services Office for Civil Rights, which said the company “failed to implement appropriate administrative safeguards to adequately protect information” at the facility and did not have adequate facility access controls. Both failures violated requirements of the Health Insurance Portability and Accountability Act.

Blue Cross Blue Shield has now agreed to a 450-day corrective action plan to assess and address weaknesses in its HIPAA compliance program, HHS said.

The penalty is a result of potential violations of patient information rules that resulted from the theft of 57 hard drives from Blue Cross Blue Shield. The hard drives contained protected health information of over one million customers. This personal information included full names, dates of birth, Social Security numbers, diagnosis codes and health plan identification numbers.

“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered and monitored HIPAA compliance program,” said OCR Director Leon Rodriguez.

BlueCross will also have to review, revise and maintain its privacy and security policies and procedures.

Corporate Governance Compliance Checklist – Data Protection

By Natasha | February 14, 2012 @ 12:54 pm

Data Protection & Compliance Checklist for Business IT

Compliance & Legalities around Data Protection for Businesses

Corporate Governance Compliance and the requirements around Data Protection have become increasingly important to businesses globally due to the consequences of being non-compliant, as well as the often devastating results of data loss, data theft or unauthorized access to confidential files.

Data protection and effective data management are often interpreted as an insurance policy; however, as enterprises become aware of the multiple productivity and cost-saving benefits of employing an effective data protection solution, this perception is shifting.

Data loss in organizations is also becoming an increasingly prevalent problem, with over 50% of companies losing data in 2011.

2011 Data Loss Statistics

Data protection and corporate governance Acts and requirements can be long and difficult to digest, and it is complicated to drill down to actionable items and to see immediate business benefits. However, without securing & protecting your company data and – the personal and organizational consequences can be detrimental.

There are certain requirements & guidelines that all companies must follow:

Improved Govt IT systems = improved service delivery

By Brandon | January 24, 2012 @ 1:26 pm

The latest auditor-general report (on National Audit Outcomes) cited the lack of adequate IT systems across government as a key obstacle to service delivery.

Failings highlighted include:

  • a lack of IT service continuity planning
  • inadequate controls in terms of user-access management
  • insufficient security management systems
  • a general lack of IT governance compliance

In short, the auditor-general (AG) found that practically none of South Africa’s national government departments and public sector entities have sufficient IT systems in place.

Corporate Governance Compliance and Data Protection Acts

By Natasha | October 28, 2011 @ 1:23 pm

Data Protection & Corporate Governance Compliance Acts in South Africa

Compliance & Legalities around business Data Protection in South Africa

Protecting data correctly and effectively is a paramount business continuity imperative. Not only do organizations with ineffective data protection strategies face the immediate costs and productivity interruption of data loss, they also leave themselves vulnerable to data theft and unauthorised access to confidential files, and are liable for legal penalties and criminal consequences due to failed corporate governance compliance.

Responsibility for the protection of data cannot be left as IT’s problem: stewardship and buy-in are required at an executive level to avoid negligence, prevent reputational damage and implement a solution that addresses areas of vulnerability.

The reality of data mismanagement is increasingly consequential. Failure to address your organization’s risks with urgency only increases exposure and the probability of suffering financial and legal penalties.

Often, however, Acts and Reports are long-winded, making them difficult to digest and complicated to drill down to tangible and actionable items. Without securing your data and ensuring that your data protection covers all the bases, the personal and organizational consequences can be detrimental.

We’ve broken down the main Acts and Reports pertaining to data protection in enterprise environments and placed them in the table above as an easy reference. There are certain guidelines & requirements that all companies must follow:

HIPAA Compliance | Simplify with data protection

By Natasha | August 4, 2011 @ 10:30 am

Easier & Ensured HIPAA Compliance

HIPAA compliance | Protecting the Privacy of ePHI – effective user data backup

For an introduction to HIPAA read our comprehensive blog on HIPAA compliance

In order to prevent unauthorised access to private information, Health Care institutions need a reliable endpoint data backup software security solution.

Data that isn’t effectively protected is left vulnerable to data breaches and data loss, negating any attempts at data privacy and resulting in HIPAA non-compliance.

Loss of user data is a pervasive security problem among global companies, according to a survey released by Ponemon Institute and Vontu, a San Francisco-based provider of data loss prevention products [1].

According to the survey, which queried nearly 500 information security professionals, eighty-one percent of companies reported the loss of one or more laptops containing sensitive information during the past 12 months.

Lost data can result in:

  • Access to confidential PHI by unauthorised parties
  • Reputational damage
  • Compliance consequences
  • Legal action

The kind of user data protection solutions required to protect health care data in the modern, mobile world are endpoint device focused – developed ‘from the ground up’ to provide IT with a simple, reliable and rapid response tool to secure, backup and recover data from laptops, desktops and other devices.

HIPAA Compliance with Data Protection

By Natasha | August 4, 2011 @ 9:57 am

HIPAA compliance: An introduction to how enterprise endpoint data backup software simplifies HIPAA compliance

Understanding HIPAA requirements

HIPAA compliance is a legal imperative for all health plans or health care providers who transmit health information in electronic form. Failure to comply with HIPAA regulations results in financial penalties, legal action and reputational damage.

One of the most actionable aspects of HIPAA is effective protection of patient data. Not only can an organization implement solutions that address data security, but tangible operational benefits can be derived from these solutions, while removing the risk of data loss or data breach and the resulting failure to comply with legislation.

HIPAA covered entities require the following four basic foundational benefits, in accordance with compliance needs, from a data protection solution:

  • Centralized control of organizational data
  • Automated, simple & secure data backup
  • Fast & reliable data recovery
  • Data reporting for simpler audits and compliance reviews

Compliance | 8 Strategies for Effective Endpoint Protection

By Natasha | July 13, 2011 @ 10:40 am

Gaining operational value from compliance and data protection

Having an endpoint solution that ensures GRC and compliance is increasingly important due to stringent regulations and the legal consequences that can result from negligence. An organization’s inability to comply often leads to reputational damage and can mean serious consequences if confidential data is lost and accessed by unauthorized parties.

Cibecs addresses Corporate Governance compliance by:

  • Ensuring end user data is protected
  • Providing the company’s Board with the ability to demonstrate a policy-based, fully automated solution that ensures protection and archival of their business-essential user data.
  • Encrypting data in the backup process, thereby controlling access to information and ticking another governance and compliance box

Cibecs enables a company to report on back-up activities, thereby demonstrating that the company is pro-actively addressing the risks associated with loss of data and critical business information.

Turning corporations into Kingdoms: GRC and Data Backup

By Brandon | May 6, 2011 @ 6:01 am

King III Requirements in South Africa and Business Corporate Governance considerations

This post is an overview of King III Requirements in South Africa

King III Compliance Legislation

Compared to the 800-pound legal gorilla called the Sarbanes-Oxley Act, King III comes across as something of a softie in the world of corporate governance.
It’s not legislated and therefore not enforceable. Moreover, it takes the mild stance of “apply or explain” over “do or else”. However, a deeper inspection reveals a subtle and intelligent approach to ensuring its adoption. It should also be noted that King III compliance provides companies with multiple benefits, including operational efficiency, and assists in ensuring effective data protection,

Kongfused about King III?

By Natasha | April 19, 2011 @ 9:15 am

To many companies, GRC (governance, risk and compliance) is a giant ape scaling the office walls.

As technology becomes more pervasive and critical to business success, the hairy creature that is GRC also gains in complexity. Legislation surrounding various aspects of corporate governance, especially the management of business-critical and personal data, further adds to the risk mix that companies are exposed to.

South African Judge Mervyn King identified this exposure and has, since 1994, led the way in establishing an internationally recognized benchmark by which boards of directors could measure their compliance in all aspects of business.

The King III Report is his latest offering, with a greater focus on IT governance – separating the “information” and “technology” components to assist companies in managing this critical business component.

According to the report, “The board should understand the strategic importance of IT, assume responsibility for the governance of IT, and place IT governance on the board agenda.” King III strongly emphasises the point that, when it comes to GRC, a company’s board of directors can delegate GRC responsibilities and functions but ultimately remains accountable for them.
