The American National Standards Institute and Shared Assessments Program have helped launch a new program to explore the financial impact of unauthorized access to personal health information.
The investigation is spearheaded by ANSI, via its Identity Theft Prevention and Identity Management Standards Panel, in partnership with the Healthcare Working Group of the Shared Assessments Program, which was created by leading financial institutions, the Big Four accounting firms and key service providers to incorporate standardization, consistency, speed, efficiency and cost savings into the provider assessment process.
[See also: Healthcare patient data breaches cost U.S. $6B annually.]
The goal for the ANSI/Shared Assessments PHI Project is to identify frameworks for determining the economic impact of any disclosure or breach of protected patient data.
The project, launched last week with a meeting of its advisory committee, brings together data security companies, identity theft protection providers and research organizations, legal experts on privacy and security, standards developers and others.
The effort will culminate in a report targeted at those responsible for and entrusted with protecting and handling PHI. It will be designed to help inform the healthcare industry in making investment decisions to protect PHI, as well as improve responsiveness if and when this patient information is breached.
[See also: Security breaches prove costly for California hospitals.]
"Organizations that are custodians of healthcare data are grappling with how to calculate their risk exposure when PHI is lost or stolen," said Rick Kam, president and co-founder of Portland, Ore.-based ID Experts, who is chairing the initiative. "The ANSI/Shared Assessments PHI Project will inform their investment decisions to protect PHI and will provide guidance on how to respond if this data is compromised."
The group plans to identify existing legal protections related to PHI, defining points of compromise in the healthcare ecosystem where there are risks of exposure and assessing the financial impacts of the disclosure of PHI. A survey is also contemplated to support the fact-finding process.
Industry experts are invited to participate in the next meeting, via a two-hour conference call on April 7 from noon to 2 p.m. Eastern. Interested parties can send an email to idsp@ansi.org to join in the work effort. There is no fee to participate, and most of the work will take place via conference call over the next few months.