Are you 100% certain you know where your data is stored?
If not, how do you know the data is secured?
Find that ePHI
Loricca’s Data Risk Assessment (eDiscovery) service helps organizations locate certain business-critical or protected information within their IT systems and networks.
Alaska DHSS settles HIPAA security case for $1,700,000.
According to the enforcement examples on www.hhs.gov, the Alaska DHSS agreed to pay $1,700,000 to the US Department of Health and Human Services to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. In summary, a breach report indicated that a portable electronic storage device (USB hard drive) possibly containing ePHI was stolen from the vehicle of a DHSS employee. During the investigation, OCR found that DHSS did not have adequate policies and procedures in place to safeguard ePHI. They had not completed a risk analysis, implemented risk management measures or trained employees. Because they could not prove that ePHI did not exist on the hard drive (or at least that fewer than 500 records did), or that the records were encrypted, they were fined as if there were more than 500 unencrypted records. Along with the necessary policies and procedures, evidence of compliance through eDiscovery may have resulted in a reduced fine.
Utilize a Data Risk Assessment through eDiscovery and protect your Personally Identifiable Information (PII)
Loricca will perform PII searches to identify and protect sensitive data on systems, computers, and servers. These searches will reveal possible preventative and remedial measures that should be taken to secure and protect this data. We can identify occurrences of Social Security Numbers (SSNs), credit card numbers, information designated as ‘protected’ and other types of sensitive data.
Loricca can perform a Data Risk Assessment on any digital information or data that is created, stored or processed/utilized in an electronic form with digital technology.
Protect and Restrict Access to PII/ePHI
Once Loricca has identified the sensitive personal information maintained by the organization, the client is able to securely encrypt, shred, redact or quarantine the data. Regular monitoring and auditing of employee access to personal information will allow compliance officers to ensure that the comprehensive information security program is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of personal information. Loricca helps IT/network administrators enforce secure access control measures that restrict access to records and files containing personal information to those who need such information to perform their job duties.