Insurance & Technology: The Blog: Good Enough for Government Work: Another PHI Security Breach

Face-to-Face Events:
November 2-5, 2008
Insurance & Technology's 10th Annual Executive Summit

Online Events:
October 16, 2008
Data Verification: The Whole Truth And Nothing But

October 30, 2008
Financial Services and Climate Change: Calculating Risks and Reducing Costs

November 04, 2008
Redefining the Economics of SOA for Insurance: Making Application Modernizaton Viable for the Business

Subscription Cust.Serv.

Staff
Comments
RSS News Feed
Privacy Statement
Reprints
Media Kit

2008 Editorial Calendar

« Has the IT Budget Worm Turned? | I&T Blog Home | Cultivating Innovation »

Good Enough for Government Work: Another PHI Security Breach
By Anthony O'Donnell
Mar 25, 2008 at 03:47 PM ET

One hopes that no insurers are without the password and encryption safeguards to protect personal health information (PHI). The government's HIPAA security guidance requires that PHI be protected, but the government has failed its own standard once again, this time by the actions or negligence of an employee of the National Institutes of Health.

The breach, involving medical information of 2,500 individuals, was caused when a laptop was lifted from the trunk of an NIH employee named Andrew Arai, who was dropping his daughter off at a swim meet. The trunk was locked, but the sensitive information contained in the laptop was not. As the Washington Post reports, "An initial effort by information technology personnel failed to encrypt the laptop before it was stolen and Arai neglected to follow up, according to NHLBI spokeswoman Susan Dambrauskas."

In this case the sheer number of records lost didn't rival the notorious loss of confidential information associated with the 2006 loss of a Department of Veterans Affairs laptop (or the much more recent security breach associated with Hannaford Bros. supermarket chain) but there is special embarrassment in the breach occurring on the watch of an organization that falls within the Department of Health and Human Services, which promulgated and polices HIPAA rules.

Apart from that dubious distinction, the NIH is much like other government operations, according to a GAO inquiry:

The incident is the latest in a number of failures by government employees to properly secure personal information. This month, the Government Accountability Office found that at least 19 of 24 agencies reviewed had experienced at least one breach that could expose people's personal information to identity theft.

However, in terms of sheer scale, the Americans still have something to learn from the British.

Topics: General News

COMMENTS

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in the message center do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this forum becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: The Message Center is NOT intended for commercial messages or solicitations of business.


	Infrastructure Field Sales Systems Competition Document Management More >


	CSC Would like to congratulate this Year's Tech Savvy CEOs. More than 700 organizations rely on CSC�s industry-leading P&C software and outsourcing services to support growth and create new sources of business value. Backed by more than 30 years of experience, no other company is more skilled at delivering results for P&C companies. When you go with CSC, you become part of a vibrant community with thousands of insurance professionals focused on innovation. CSC makes business transformation practical. Learn more at csc.com/industries/insurance/casestudies.

INSURANCE & TECHNOLOGY CAREER CENTER

Function:
Information Technology
Engineering

Keyword(s):

State:

Post Your Resume
Employers Area
News & Features
Blogs & Forums
Career Resources

Browse By:
State | City

Most Recent Posts: open | close

WHITEPAPER
Insurance 2020: Now what?
In today�s competitive insurance industry, the challenges are many and there is much uncertainty.To survive and thrive, insurers must seek new models and strategic success that enable innovation and increase profitability.

MEDIA NETWORK

		InformationWeek Optimize Wall Street & Technology Insurance & Technology Bank Systems & Technology Government Enterprise Healthcare Enterprise TechWeb

RESOURCE CENTERS
	Policy Administration Resource Center Policy administration has become the focal point of many insurance companies� hopes and goals � in terms of gaining more insight into policyholders, and improving loyalty/retention � as well as their most difficult challenges, in terms of legacy systems issues, compliance and information management. Outsourcing Resource Center Find out from industry leading analysts what kind of value and cost savings outsourcing can provide to insurance companies by visiting Insurance & Technology's Outsourcing Resource Center, which also provides outsourcing best practices, timely research, case studies and more.

Topics:

InformationWeek Business Technology Network

Bank Systems & Technology Executive Summit


Ed Cals \| Contact Us \| Reprints \| Ad Info \| Media Kit \| Send Us Your Feedback \| RSS
Wall Street & Technology » Advanced Trading » Bank Systems & Technology » Insurance & Technology InformationWeek \| Informationweek Germany \| Network Computing \| TechWeb \| Intelligent Enterprise \| Dark Reading \| Light Reading \| Byte & Switch \| Internet Evolution \| bMighty \| Small Biz Resource
	Terms of Service Privacy Statement Your California Privacy rights Copyright © 2008 United Business Media LLC