By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: In the Wake of a Healthcare Data Breach
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > In the Wake of a Healthcare Data Breach
eHealth

In the Wake of a Healthcare Data Breach

onlinetech
onlinetech
Share
5 Min Read
Guide to Privacy and Security of Health Information
SHARE

We hear all about what went wrong when a (typically unencrypted) HIPAA violation occurs – who left what mobile device where – what data was made publicly available, who’s to blame. But what’s more important is remediation, and how someone or some organization chooses to react after the event in order to prevent future incidents.

We hear all about what went wrong when a (typically unencrypted) HIPAA violation occurs – who left what mobile device where – what data was made publicly available, who’s to blame. But what’s more important is remediation, and how someone or some organization chooses to react after the event in order to prevent future incidents.

HealthCareInfoSecurity.com reports on the recent Utah Department of Health breach in which foreign hackers were able to access and remove 24,000 files of electronic protected health information (ePHI) on a server due to a configuration error [read more about Server Hack Leads to HIPAA Violation by Utah Department of Health]. Utah Gov. Gary Herbert recently announced his action plan toward security and compliance:

  1. Replaced the state’s chief technology officer
  2. Hired Deloitte & Touche to conduct an independent security audit (also known as an independent HIPAA audit) across all of the state agencies
  3. Encryption of not just data in transit, but all stored data
  4. Plans to hire a public relations firm to help handle crisis communications
  5. Improvement of security controls, including network monitoring and intrusion detection capabilities
  6. Created a new position – a health data security ombudsman (may also be known as a privacy and security officer) to deal with affected individuals

The Office of the National Coordinator for Health Information Technology (ONC) recently revealed a ten-step plan for healthcare organizations to follow in order to protect PHI – the second step requires compliance-minded companies to:

More Read

How Big Data Can Be Used To Prevent Fatal Heart Attack
Healthcare Data Breaches Up 32%
Social Media Summit at Mayo Clinic: Final Day Exclusive Report
6 Benefits of Becoming Accredited
VA Encourages Employee Use of Social Media

Step #2 – Provide Leadership
Designate a privacy and security officer. This person will be responsible for developing and maintaining your privacy and security practices to meet HIPAA requirements. This person should be part of your EHR adoption team and be able to work effectively with others. In a very small practice, you may be the privacy and security officer or your practice manager may carry both roles. Be sure to:

  • Record the assignment in a new security documentation, even if you are the officer.
  • Discuss your expectations and their accountability. Note that you, as a covered health care provider, retain ultimate responsibility for HIPAA compliance.
  • Enable your designated security person to develop a full understanding of the HIPAA Rules so (s)he can succeed in his/her role.
Guide to Privacy and Security of Health Information

Guide to Privacy and Security of Health Information

While HIPAA has been around for 16 years, it hasn’t always been available in the form of an actionable plan, or even very easy to understand. The ONC has created a Guide to Privacy and Security of Health Information as a comprehensive roadmap to compliance and to understanding the implementation of the more complex legal requirements.

Another great guide to outsourcing your HIPAA hosting to a third-party business associate is Online Tech’s HIPAA Data Centers white paper. The document addresses cost-benefits and other advantages of outsourcing while weighing them against the risks.

HIPAA White Paper

HIPAA White Paper

It also provides valuable technical and business advice for any healthcare organization that needs to secure ePHI while meeting compliance standards, with an example BAA (business associate agreement) and a data center cheat sheet simplifying what each audit means. Download the white paper here.

If you prefer to hear a dialogue between experts on the subject, including attorneys specializing in Health IT, sign up for our free, upcoming webinars scheduled in June. Find more details here:
FDA Regulation of Mobile Health Devices
Healthcare Security Vulnerabilities

References:
Utah Breach: Governor Takes Action
ONC’s Guide to Privacy and Security of Health Information (PDF)

TAGGED:data breach
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

dental care
Importance of Good Dental Care for Health and Confidence
Dental health Specialties
October 2, 2025
AI in Healthcare
AI in Healthcare: Technology is Transforming the Global Landscape
Global Healthcare Policy & Law Technology
October 1, 2025
Choosing the Right Swimwear for Health and Safety
News
September 30, 2025
sports concussions
Concussion In Sports: How Common They Are And What You Need To Know
Infographics
September 28, 2025

You Might also Like

What Defines Someone as Health Literate?

January 21, 2013
A person using a laptop
BusinessDiagnosticseHealth

Your Digital Marketing Tool Belt for Clinical Trial Recruitment: Paid Ads (Search and Social)

February 17, 2016
eHealth

More on Patient Centric Medicine

May 29, 2012

2012 Medicare Physician Fee Schedule Final Rule Important for Telemedicine

December 12, 2011
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?