Manatt Partner Answers Government Health IT's Questions on Data Breach Notifications
"Q&A: On the Delicate Dance of Data Breach Notification"Government Health IT
July 16, 2012 - In a special Q&A session, Government Health IT turned to Manatt's Robert Belfort, a partner in the firm's Healthcare Division, for insight into how hospitals and public health departments can determine when it is necessary to issue a data breach notification.
Belfort spoke to Government Health IT about avoiding notification fatigue, accounting disclosures and existing uncertainty. When asked what are the heartiest challenges hospital and public health department CIOs face in terms of privacy and security, Belfort responded:
"One big challenge is the proliferation of mobile devices and the accessing of data on a wider array of portable devices. If you look at the reported breaches that have been submitted to HHS a fair number of them involve portable media devices. Lost laptops, lost CDs, lost phones, things like that. And part of the problem is that the encryption standard under HIPAA has been an addressable standard, meaning it's not a hard and fast requirement, rather it's supposed to be something that providers assess their ability to comply with and comply with if feasible but it's not an absolute requirement and that has created some opportunity in organizations for people to take the obligation to encrypt on mobile devices maybe less seriously. It continues to amaze me to see reported breaches involving lost laptops, CDs or thumb drives when encrypting the data on those devices is not difficult and encrypting it insulates you from having to do breach notification. That is still a pervasive problem so securing information on portable and mobile devices would be up near the top of my list for challenges for CIOs."
Belfort also discussed matters such as the security risks posed by mobile devices, the addressable encryption standard under HIPAA, what constitutes a data breach, and the negative consequences of notification.
Read the article here.