Thursday, January 5, 2012

New privacy and security requirements increase potential legal liability—and jeopardize brand reputation.

Protect personal health information in motion, in use and at rest with HP access,
authentication, authorization and audit solutions.

Executive summary

According to a 2008 study by the Ponemon Institute, an independent research firm
specializing in privacy, data protection and data-security technologies, the
healthcare industry is among the top three industries most frequently victimized
by data breaches.[1]
Healthcare entities have largely ignored the Health Insurance Portability and
Accountability Act (HIPAA) and the associated security framework necessary to safeguard
protected health information (PHI). But the newly implemented HITECH Act gives
HIPAA new life. The Act emphasizes accountability, raises breach response costs
and increases penalties for a data breach to as much as $1.5 million. Not only can
a data breach carry huge medical and financial risks to the people whose data is
lost; it can also severely damage a healthcare entity’s brand.

Many organizations think that traditional IT security and compliance are sufficient safety
measures for PHI. However, a recent study by PricewaterhouseCoopers[2] found that
only 5 percent of data breaches are caused by malicious cyber attacks, while almost
55 percent are linked to human error and 44 percent are due to third-party handling of data.
The study also revealed that 70 percent of all organizations do not have an accurate
inventory of where the personally identifiable information (PII) in their custody is stored. With
the complex web of organizations involved in providing healthcare services, this is
a critical issue for the healthcare industry.

HIPAA and the HITECH Act

In 2009, the new Health Information Technology for Economic and Clinical Health (HITECH) Act
took effect. HITECH requires healthcare organizations to take more responsibility for protecting
patient records and health information. The Act widens the scope of privacy and security protections
available under HIPAA, increases potential legal liability for non-compliance and provides more
enforcement of HIPAA rules. The HITECH Act seeks to streamline healthcare and reduce costs
through the use of health information technology, including the adoption of electronic health records.