http://ow.ly/6NdBw
An article by Neil Versel on InformationWeek.com.
The article discusses the loss of backup tapes that contained a wealth of health information records of military personnel.
The article points out, "A data breach involving nearly 5 million people treated at military healthcare facilities over a 19-year period is raising questions about whether U.S. Federal Trade Commission (FTC) rules supersede Health Insurance Portability and Accountability Act (HIPAA) regulations.
Last week, Tricare, the managed care arm of the U.S. government's Military Health System, disclosed that contractor Science Applications International Corp. (SAIC) had lost backup tapes containing personally identifiable information--including some health data--of about 4.9 million people. The tapes contained data from electronic health records (EHRs) used at military hospitals, clinics, and pharmacies in the San Antonio area from 1992 until Sept. 7, 2011."
The article further states, "'It's clear that Tricare is trying to position this under Federal Trade Commission regulations, not under HIPAA regulations,' Ruby Raley, director of healthcare solutions at IT integration and security company Axway, Scottsdale, Ariz., told InformationWeek Healthcare.
Unlike HIPAA, FTC regulations don't require entities to sign agreements with 'business associates' that hold third parties to the same standards when handling sensitive data. Also, HIPAA regulations require organizations to provide a year of credit monitoring to anyone who may have been affected by a breach. 'They're only [offering] fraud protection for 90 days,' Raley said of Tricare."