Kroll Fraud Solutions Blog – A Dialogue on Data Security

The holiday shopping season is in full swing, and this time of year always fuels interest in the latest cyber security threats that are affecting retail and associated industries. With that in mind, Kroll’s upcoming newsletter will feature tips and threat information that’s essential this holiday season. Of course, sometimes it’s not the latest and greatest risk or new technologies that companies have to worry about – and as the following case studies illustrate, retailers would do well to brush up on history.

When it comes to cyber security, what’s at the top of your list? Is it protecting against the threat of hackers? Ensuring that your mobile devices contain the most up-to-date security software or encryption technologies? Making sure you are prepared in the event of a data loss incident?

As the threat landscape continues to expand, it could be all of these, and more. Kroll’s work in all aspects of risk management – from physical and data security to forensics, data recovery and breach response – has provided our team with the experience and frontline knowledge that affords a great vantage point for conveying best practice information and insight.

The Office of the National Coordinator for Health Information Technology (ONC) is seeking public comment regarding personal health records, now through December 10. Comments can be submitted through the website, on the following topics:

• Privacy and security and emerging technologies
• Consumer expectations about collection and use of health information
• Privacy and security requirements for non-covered entities
• Any other comments on personal health records (PHRs) and non-covered entities

The ONC is also hosting a day-long public roundtable discussion, Personal Health Records – Understanding the Evolving Landscape. According to the website, the purpose is to “inform ONC’s congressionally mandated report on privacy and security requirements for non-covered entities (non-CEs), with a focus on personal health records (PHRs) and related service providers.”

A data breach can occur many ways. Even a data “warehouser,” who has implemented a policy to minimize data collection and retention while making necessary data accessible in a secure environment, may still be subject to a data breach. A data breach may still occur by accident or through malice even when a well written policy and procedure is adhered to seriously by computer users. Data is only as safe as the trustworthiness and reliability of the organization’s users.

Earlier today, we released the 2010 HIMSS Analytics Report: Security of Patient Data. The report is a follow-up to our  2008 report conducted with HIMSS Analytics,  and is based on the results of the bi-annual survey of healthcare provider facilities in the U.S. regarding patient data safety. The study can be considered a tool to both monitor and provide insight into the effect of regulatory changes and the effectiveness of the resulting compliance efforts taking place, as well as the evolving state of patient data security.