Breach List Grows, Encryption Is Key
HEALTHCARE PRIVACY—U.S.April 26, 2011
GovInfoSecurity reports that the Office for Civil Rights' (OCR) list of major healthcare breaches--those affecting at least 500 individuals--has grown to 265 incidents affecting 10.8 million. In the past month, 16 breaches were added to the list, including the Health Net and Eisenhower Medical Center incidents that totaled 1.9 million and 514,000 individuals, respectively. The report suggests these cases have highlighted the need for encryption, which one security expert calls "the single best way to protect sensitive data." Under HITECH, healthcare facilities with major breaches are required to report them to the OCR within 60 days; however, breaches of data encrypted "using a specific standard" do not need to be reported, the report states.