- About PS&F
- Industry Focus
- Client Tools
- Education & Events
July 29, 2015
Michael Reph, Account Executive
Ryan Roberts, Account Executive
Effective July 24th, 2015, Washington State law H.B. 1078 amends the State’s data breach notification statue. The amendment:
These changes are important for management and directors of healthcare organizations to know, especially as the number of data breaches continues to increase (per the Identity Theft Resource Center). Whether it be personal healthcare information, SSN’s, or credit card information, understanding what is classified as secured (per the National Institute of Standards Technology) how to properly notify the appropriate parties, and what can be counted as an official breach is critical. For healthcare organizations, fiduciary responsibility of personally sensitive information storage is two-fold:
To ensure proper data breach response preparedness (and to show proper due diligence), your directors and leadership staff should be asking I.T. and key partners the pertinent questions now, before a breach occurs:
Proper documentation of these internal conversations (via minutes) and actions (i.e. having readily available system penetration testing results and documenting the actions shoring up weaknesses) will help defend the organization in federal and civil lawsuits, post-breach. It is important to note that historical lawsuits have shown that directors are not required to be experts in this area, but that they do need to rely on outside experts or expert internal management for advice when addressing these issues. The Ponemon Institute indicates that 90% of healthcare organizations had exposed their patients’ data or had it stolen in 2012 and 2013.
The ever-changing requirements in data breach notification requirements within Washington State, continued increase in the number and severity of cyber attacks, and increase in the size of federal lawsuit judgments make this an important topic which needs to be addressed by healthcare organizations, both large and small. Partnering with a well-versed risk consultant who understands both the pre and post cyber breach actions necessary to defend your organization will provide better organizational resiliency when your organization is attacked.
Should you have any questions about data liability and the impact a breach will have on your healthcare organization, feel free to contact one of our cyber liability experts here at Parker, Smith & Feek:
|Michael Reph||Ryan Roberts|
The views and opinions expressed within are those of the author(s) and do not necessarily reflect the official policy or position of Parker, Smith & Feek. While every effort has been taken in compiling this information to ensure that its contents are totally accurate, neither the publisher nor the author can accept liability for any inaccuracies or changed circumstances of any information herein or for the consequences of any reliance placed upon it.