[ Thursday, January 28, 2016 ]


You don't have to be a healthcare company to have a health data breach.  Lots of companies have health data, and if your company has an ERISA employee health benefit plan, the plan is a covered entity, even if the company has nothing to do with healthcare.

The tips at the end are particularly apropos for any company holding data.  Know what you have and why; get rid of data you don't need; encrypt or de-identify data you keep; use smart, layered security; and monitor access.  I'd also add that you should monitor system use and data flows, looking for any unusual activity or communications.  Unusual activity can indicate that, even though your fences may be good, someone has gotten in and might be doing something they shouldn't.

