The federal "wall of shame" tally of major healthcare information breaches now lists 380 incidents affecting more than 18 million individuals. Meanwhile, yet another class action lawsuit has been filed in the wake of a breach.
The delay in the release of final versions of HIPAA modifications and the HIPAA breach notification rule makes it difficult for healthcare organizations to set information security investment priorities, says hospital privacy officer Kari Myrold.
As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.
The lack of uniformity in federal and state privacy and security requirements is creating major challenges for health information managers attempting to comply, says Lynne Thomas Gordon, the new CEO of the American Health Information Management Association.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
In addition to the negative publicity associated with being included on the federal tally of major health information breaches, some organizations are experiencing yet another impact of breaches: class action lawsuits.