Corporate Compliance

New tool could convince senior leaders to invest in privacy, security

Compliance Monitor, March 14, 2012

Covered entities (CEs) and business associates (BAs) now have a new method to convince senior leaders to invest in privacy and security protections for protected health information (PHI).

The American National Standards Institute (ANSI), a private nonprofit, collaborated with The Santa Fe Group/Shared Assessments Program Healthcare Working Group and the Internet Security Alliance (ISA) to create the report, "Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security." The report, released March 5, is available for free download.

The report includes the five-step PHIve – the PHI Value Estimator – which assesses security risks and evaluates the “at risk” value of an organization’s PHI. This tool estimates overall potential data breach costs and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach occurrence.

CEs and BAs can use this information to make a business case for appropriate investments to better protect PHI.

“No organization can afford to ignore the potential consequences of a data breach,” Rick Kam, president and co-founder of ID Experts, and chair of the PHI Project, said in a statement March 5. “We assembled this working group to drive a meaningful dialogue on appropriate levels of investment to better protect healthcare organizations and PHI.”