ANSI Project Explores Impact Of Unauthorized Health Info Access
The American National Standards Institute (ANSI) and the Shared Assessments Program earlier this week launched an initiative aimed at exploring the financial impact of unauthorized access to personal health information (PHI). Conceived with a goal of identifying frameworks for determining the economic impact of any disclosure or breach of protected patient data, the ANSI/Shared Assessments PHI Project is being spearheaded by ANSI, via its Identity Theft Prevention and Identity Management Standards Panel (IDSP) and by the Shared Assessments Program through its Healthcare Working Group. The former was created by leading financial institutions, the Big Four accounting firms (Deloitte and Touche, Ernst and Young, KPMG, and PricewaterhouseCoopers) and key service providers to incorporate standardization, consistency, speed, efficiency, and cost savings into the provider assessment process. The project involves professionals from across the industry; participants represent data security companies, identity theft protection providers and research organizations, legal experts on privacy and security, standards developers, and others. It will culminate in the release of a report targeted at those responsible for and entrusted with protecting and handling PHI. This will help to provide additional, actionable information to healthcare industry players as they formulate investment decisions to protect PHI, as well as to improve their overall responsiveness if and when this patient information is breached. “Organizations that are custodians of healthcare data are grappling with how to calculate their risk exposure when PHI is lost or stolen,” states Rick Kam, president and co-founder of Portland, Ore.-based ID Experts, who is chairing the initiative. “The ANSI/Shared Assessments PHI Project will inform their investment decisions to protect PHI and will provide guidance on how to respond if this data is compromised.” The group plans to address the problem of PHI compromise by identifying existing legal protections related to PHI, defining points of compromise in the healthcare ecosystem where there are risks of exposure, and assessing the financial impacts of the disclosure of PHI. A survey to support the fact-finding process may also be conducted in the course of the group’s work, Kam reports.