HIPAA & Data Theft: The Ongoing Fight

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) became federal law. The Tennessee Department of Health website has, perhaps, the clearest definition of HIPAA: “The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative costs.”

For the purposes of this blog, we will concentrate on the phrase "protect the confidentiality and security of healthcare information".

Those are not many words, but they have many implications. HIPAA describes healthcare information as protected health information, or "PHI".

According to HIPAA, PHI contains the following information about a patient, a patient’s household, and the patient’s employers:

  • Names
  • Dates relating to a patient. These can be birthdays, dates of medical treatment, admission and discharge dates, and even dates of death.
  • Telephone numbers, addresses (including city, county or zip code), fax numbers, and other contact information.
  • Social Security numbers.
  • Medical records numbers.
  • Photographs.
  • Fingerprints and voiceprints.
  • Any other uniquely identifying number or numbers.

That is a lot of information to protect.

Furthermore, PHI can describe a disease, diagnosis, prognosis, or condition of an individual, and can exist in various media, such as voicemail, email, or fax messages.

Despite the good intentions of HIPAA, the great volume of information that has to be protected invites all types of criminal activity, especially computer crime. At the top of this list are identity thieves and social engineers, as well as other computer criminals.

Huge profits can be made by the buying and selling of stolen medical information.

In my next blog post, we will examine how HIPAA attempts to protect PHI, as well as which entities must comply with HIPAA.

Sources: HIPAA: Health Insurance Portability and Accountability Act
