Computing Increase Healthcare Concerns Over Data Loss

Asigra Inc. cited new research that reveals significant growth in digital threats to patient health information (PHI).

Recent findings now show that while approaches to patient data protection have evolved over the past several years, the aggressive transition to electronic health records (EHR) and the consumerization of IT have resulted in greater digital threats to patient privacy.

According to a 2012 Healthcare Information and Management Systems Society (HIMSS) Analytics report titled Security of Patient Data, "Data breaches not only risk revealing patient health information, they also open up those whose information is compromised to identity theft, fraud and other violations. While hospitals are stepping up to regularly audit their monitoring and response procedures, reports of data breaches are on the rise."

                           Item that most puts data at risk

In 2012, 16% of respondents noted that note of the items on this list put data at risk.

Among the 207 data breaches that affected more than 500 healthcare organizations over the past 12 months, 27% reported a security breach compared with 19% in 2010 and 13% in 2008. 69% of the organizations that experienced a breach in the last year reported experiencing more than one breach. When asked about the factors contributing to healthcare industry data breaches, 31% cited the use of mobile devices to store health information and 28% cited the sharing of health information with third parties.

The financial impact of a PHI breach is now a significant issue for healthcare organizations as a result of the Red Flags Rule and The American Recovery and Reinvestment Act of 2009’s Health Information Technology for Economic and Clinical Health Act’s (ARRA HITECH) Breach Reporting requirement. While the costs of responding to a data loss event can be exceedingly high, healthcare leaders are now confronted with laws in some states  that require remuneration of one thousand dollars per patient, per breach. This has resulted in a number of class-action lawsuits where the possible liability may surpass U.S. $4 billion.

Addressing challenges related to secure and compliant end-to-end protection of patient health information, Asigra supports healthcare professionals with backup data encryption in-flight and at-rest. As the first solution of its kind to receive FIPS 140-2 certification, Asigra Cloud Backup has emerged as an option to protect laptop and mobile device data for those organizations integrating wireless computing endpoints into their IT environments.

With mounting pressure to comply with regulatory mandates and improve disaster recovery practices, Asigra Cloud Backup compares against traditional solutions in the areas of security, compliance, reliability, efficiency, and ease-of-use. Developed for security conscious organizations, it delivers end-to-end encryption across all protected systems, including servers, workstations, desktops, laptops, tablets and smartphones. Security features include agentless installation and management, encryption key safeguarding, password management and rotation, digital signatures for every file and block of data as well as the destruction of data based on certificate of destruction policies.

Compliance features include:

• AES 256 Encryption of backup data on PC, laptop and mobile devices
• Encryption of backup data exported to removable media
• Encryption of emails stored in backup sets
• Encryption of file and database data stored in backup sets
• Security of EHR stored in backup sets
• Regular monitoring and reporting to support compliance requirements
• Safe harbor support
• Reduction in operational costs associated with compliance

Asigra Cloud Backup supports Mac and PC laptops with DS-Notebook and DS-Mobile, mobile clients that are designed for laptops, allowing users to backup and recover their own data through intuitive wizards, anytime and anywhere. As users today are also generating and storing information on their mobile devices (tablets and smartphones), Asigra protects these devices with DS-Tablet and DS-Smartphone.Its approach allows healthcare IT to respond and protect all backup data as mandated by HIPAA, HITECH and PIPEDA, ensuring compliance requirements including Meaningful Use are met. Mobile device protection includes support for Apple iOS devices such as the iPad, iPod, and iPhone as well as Google Android-based tablets and smartphones.

"End-to-end encryption and secure management of backup data, especially involving laptops and other wireless devices, should be a priority for organizations as threats to sensitive information continue to grow," said Jason Buffington, senior analyst, Enterprise Strategy Group. "Healthcare professionals in particular must ensure the confidentiality and integrity of patient information by incorporating a comprehensive approach to backup data security into their overall risk reduction strategies. FIPS 140-2 certification by NIST demonstrates Asigra’s commitment to providing these organizations with high levels of protection against a breach."

"Healthcare IT is gradually embracing organizational mobility, and mobile data protection must be a foundational component of these deployments," said Doug Ko, director of Product Marketing and Strategic Alliances, Asigra. "While the consumerization of IT is increasing organizational agility and accelerating the ROI of mobility, it also increases concerns related to unauthorized access to sensitive information. Our strength in secure laptop and mobile data protection validates Asigra’s commitment and reinforces our leadership in this space."