The Department of Health and Human Services just fined BlueCross BlueShield of Tennessee $1.5 million for failing to encrypt over 1 million patient records on stolen hard drives. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules require that patient records be secure and protected. This case shows the financial impact of such an investigation, which is well beyond the $1.5 million fine, at an estimate of $17 million to support the case, as well as the notification and management of the security breach.
Sound policies are important. Many organizations have yet to implement policies that ensure compliance with HIPAA, SOX, or whatever regulatory policy impacts their industry. Lack of policy is a major liability that will hurt every organization down the road. Understanding data assets and managing them accordingly is critical to managing these liabilities. Implementing a defensible deletion strategy will clean up legacy content that should not be retained. Proactively deploying sound information governance initiatives will protect every firm from such fines and penalties.