The original article appeared on the Texas Hospital Association's website
This article is sponsored by Celerium. Celerium Inc. engineers automated data breach detection and containment solutions that are easy to implement and manage with minimal IT effort.
Instead of focusing only on prevention before a breach and response after a data breach has occurred and is reportable to HHS OCR, hospitals should consider the time in between – to evolve an institutional focus on proactivity by understanding Early Awareness of possible data breach activity.
The Challenge of Early Detection
Understandably, most attention today is on prevention measures. However, when a data breach occurs, and IT or IR processes formally determine that more than 500 ePHI records have been stolen, the organization starts the 60-day clock to submit a Data Breach Disclosure document to HHS/OCR. The dilemma, per seven years of IBM research, is that the average data breach detection time can take months—possibly as long as 6.9 months (about 200 days).
