Did you get a $100,000 fine for a data breach?

Actually, what is a breach?

Almost every day the news carries a story about a company that has had a “Breach” of their security and PHI has been disclosed. There are so many of them that most go unreported now and only the really big ones get any attention. But what exactly is a breach anyway?

Technically it is “make a gap in and break through …”, so whales breach the surface, people regularly breach their contracts, and babies who come out bottom first, yikes, are “breach birth.” But those are not what the news is talking about!

Breach in the case of PHI and HIPAA (I will define those in a minute) means somebody failed to protect information about other people that they are legally responsible for safeguarding.

So now you ask me, “Then, Bill, a breach might not be just somebody getting into our computer?”

Move to the front chair, you caught the brass ring on that one! (Antique reference to merry-go-rounds for the younger readers.)

Yes, a breach can be as simple as sending somebody your login credentials in an open email. “Who would be watching my email? I’m no big deal.” The bad guys do not have to watch “your” email; they just run a bot that scans for email patterns that look like passwords.

In our case, we tell employers every day that we will provide a secure format for transmitting information to us. They ignore that and then send us a census with every employee’s personal information, including all of their identifying data. By anybody’s definition, that is a breach.

It discloses PHI – “PHI is any health information that can be tied to an individual.” (Google)

It violates HIPAA – “HIPAA is the acronym for the Health Insurance Portability and Accountability Act.” (Hipaastore.com)

And that triggers penalties: “The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record).” (Truevault.com)

Life has truly become a regulatory minefield, but unlike abandoned war mines, there are maps for HIPAA and other legal mines. This is where I again stress the importance of professionals in your life. Not every “Professional” is the same, so you need to do your own due diligence. But the stakes are high and violation costs can put you out of business, so the search is worth the effort.

And, of course, you can always contact me and say “what was that thing you wrote about, I’m confused.”
