Operationalizing Data Breach Policies and Processes in a Healthcare Setting
According to a May 2016 report from the Brookings Institution, 23% of all reported data breaches occur at healthcare organizations.
Healthcare organizations face a dual compliance challenge: the industry depends on access to highly sensitive data (both protected health information and personally identifiable information), and it operates within a highly regulated field, including HIPAA/HITECH requirements, the possibility of an audit by the Office for Civil Rights, and the risk of ending up on the so-called “Wall of Shame.”
Under Attack – and Under Prepared
In the 6th Annual Benchmark study of Privacy and Security Healthcare Data, it was reported that almost 90% of healthcare organizations have been hit by a breach in the past two years, costing the industry an estimated $6.2B. This significant price tag is considered by some to be one of the costs of business in today’s world, where sensitive information is continually at risk for exposure.
That same study reported that, despite evidence of how prevalent data breaches are, half of the surveyed organizations reported having “little or no confidence” that they can detect all patient data loss or theft.
These figures help to illustrate that, if your organization doesn’t have a fully developed incident response process to identify and respond to possible data breaches, you are not alone. Efficiently and effectively managing privacy and security incidents has become an important way to maintain trust and prove compliance while avoiding regulatory fines and reputational damage.
Webinar: Operationalize Compliance, Reduce Risk
What data breach policies and processes can you put in place now, before an incident has occurred?
Join experts from PolicyMedical, a policy and contracts management software company, and RADAR, an incident response management platform, as they discuss operationalizing compliance within your organization, spanning from preventative measures and tabletop trainings to responding if and when a breach occurs.
You will learn how often to update current policies, track changes, and disseminate the most current policy versions.
You will also learn what to do in the case of an incident, from tracking your investigation to making a breach determination based on a multi-factor risk assessment that takes into account changing state and federal regulations.
Meet Our Panelists:
Alex Wall, Esq., CIPP/E, CIPP/US
Alex Wall is the Senior Counsel and Global Privacy Officer at RADAR. He leads the internal legal and data privacy compliance functions for RADAR, contributing his passion for problem-solving to product and content development as well as client service. Alex brings a unique mix of legal and technical know-how honed through commercial litigation at Fried Frank, LLP; as general counsel and manager for growing businesses providing Software as a Service; and also as outside counsel and solo entrepreneur. Alex holds a J.D. from the University of Maine, a B.A. from Colby College, and CIPP certifications in data privacy for the U.S. and European Union.
Tom Leahy is the SVP, Sales and Business Development for PolicyMedical. He formerly co-founded, and was the EVP of Sales and Marketing for Quantros. His core competencies include managing a team of regional territory managers and sales staff to uncover synergies in matching the right solution to the right healthcare organization. Developing these opportunities as a means to improve the quality of care in the healthcare industry is Tom’s passion, as he has been a key force in establishing state hospital association partnerships and joint agreements with several healthcare IT vendors.