

Q. How do I comply? A. Have no fear. IA&B walks members through the daunting project with a series of online assessments – administrative, physical and technical safeguards.

Snapshot of 2009 data breaches

Who is behind data breaches?
- 74% resulted from external sources
- 20% were caused by insiders
- 32% implicated business partners

Each assessment labels individual standards as required or addressable. As the title suggests, covered entities and business associates must comply with required standards. Addressable standards require compliance if it is reasonable and appropriate based upon your agency. For the addressable standards that you choose not to implement, you’ll need to document why and implement an alternative measure.

How do breaches occur?
- 67% were aided by significant errors

Once the assessments are complete, formalize and implement the policies and procedures, and then set a reminder to review the policies.

Access the Security Rule assessments:
- Pennsylvania – security_rule
- Maryland – security_rule
- Delaware – security_rule

Note: The Security Rule applies only to electronic information. The HIPAA data-breach notification mandates, on the other hand, apply to electronic, written and spoken information.

- 64% resulted from hacking

Data security 101

What do they have in common?
- 83% of attacks were not highly difficult

Learn more about data security at IA&B’s Executive Management Conference on Oct. 26-27 in Lancaster, Pa.

- 87% were considered avoidable through simple or intermediate controls
- 99.9% of records were compromised from servers and applications

Where should mitigation efforts be focused?
- Ensure essential controls are met.

The technology-themed event will bring together industry experts to cover:
- Agency management systems
- Data security
- Electronic document management
- Social networking
- Top technology tips

- Find, track and assess data.
- Collect and monitor event logs.
- Audit user accounts and credentials.
- Test and review Web applications.

Source: Verizon Business Investigative Response Team

Look for more information in Agent Headlines and at [ 20 ]

Primary Agent - August 2010 - PA Edition  