
THE PHI PROJECT THE FINANCIAL IMPACT OF BREACHED PROTECTED HEALTH - PowerPoint PPT Presentation



  1. THE “PHI PROJECT” – THE FINANCIAL IMPACT OF BREACHED PROTECTED HEALTH INFORMATION A BUSINESS CASE FOR ENHANCED PHI SECURITY

  2. THE “PHI PROJECT”
     • REQUIRED: Enhanced programs for safeguarding Protected Health Information (PHI)
     • WHO: Guardians of the trust forming the foundation of the health care delivery system
     • SOLUTION: Information and tools to develop a compelling business case for requesting investments and resources to ensure PHI privacy and security

  3. 100+ EXPERT PARTICIPANTS, 70 ORGANIZATIONS
     • American National Standards Institute (ANSI)
       - via its Identity Theft Standards Panel (IDSP)
     • The Santa Fe Group/Shared Assessments Healthcare Working Group
     • Internet Security Alliance (ISA)
     • Health care industry leaders
     • Security and privacy experts

  4. APPROACH BASED ON SUCCESS OF PRIOR PROJECTS

  5. WHAT MAKES HEALTH CARE WORK?
     • Availability
     • Integrity
     • Trust
     • Confidentiality

  6. THE PROBLEM IS… BREACHES
     • Between 2005 & 2008: nearly 39.5 million electronic health records
     • In the past two years: the privacy of 18 million Americans
     • In the period September through November of 2011:
       - health records of 4.9 million military personnel,
       - 4 million patients of a health care system, and
       - 20,000 patients of an academic medical center
     • 72 provider organizations in a November 2011 survey:
       - 96%: at least one data breach in the past 24 months
       - On average: 4 data breach incidents during past two years

  7. WHAT’S HAPPENING?

  8. THE RAMIFICATIONS… For the first time in history, it is possible to:
     • Improperly disclose PHI of millions of individuals “in a matter of seconds,”
     • Steal health information from a virtual location, and
     • Breach PHI in a manner that makes it impossible to restore.

  9. WHY STEAL PHI?
     • Physician ID numbers are used to fraudulently bill for services
     • Patient ID information is lent to friends or relatives in need of services
     • Patient ID numbers are sold on the black market

     - Medicare fraud estimate? $60B/year
     - Majority of clinical fraud? Obtain prescription narcotics for illegitimate use
     - ~5% of clinical fraud: Free health care
     - Patient ID Information: $50/record; Social Security number: $1
     - Average Payout for defrauding a health care organization: $20,000; Regular ID theft? $2,000

  10. TOP ELEMENTS THREATENING PHI SECURITY
     Human
     • Malicious Insider
     • Non-Malicious Insider
     • Outsider
     • State-Sponsored Cyber Crime
     Methods
     • Lost / Stolen Media
     • Intrusion
     • Dissemination of Data
     • Mobile Devices
     • Wireless Devices
     Evolving Stakeholders
     • BAs and Subcontractors
     • Cloud Providers
     • Virtual Physician’s Office

  11. SAFEGUARDS AND CONTROLS ARE WELL KNOWN…

  12. SO WHAT’S HAPPENING? PHI PROJECT SURVEY FINDINGS

  13. THE LAWS ARE COMPLEX PHI PROJECT SURVEY FINDINGS

  14. COMPLIANCE IS NOT EASY PHI PROJECT SURVEY FINDINGS

  15. STUMBLING BLOCKS TO A STRONG SECURITY POSTURE PHI PROJECT SURVEY FINDINGS

  16. WHY A MODEL?
     • Published average costs of a data breach exist, but are they relevant to all?
     • This model provides an opportunity to:
       - Be specific to an organization
       - Calculate what a breach might actually cost, and
       - Build a compelling business case for strengthening a compliance program

  17. PHI PROJECT REPORT: Table of Contents
     1. The Progression of the Health Care Ecosystem
     2. The Evolution of Laws, Rules, and Regulations
     3. PHI Data Breach Landscape
     4. Threats and Vulnerabilities
     5. Safeguards and Controls
     6. Survey Findings: Current Practices and Attitudes
     7. PHIve – The 5-Step Method of Data Breach Costing
     8. Calculating the Cost of a PHI Breach Using PHIve
     9. Finale
     10. Appendices

  18. THE PHIve MODEL: BUILDING A BUSINESS CASE FOR ENHANCED SECURITY
