I am constantly amazed at the lengths some facilities will go to in an effort to become compliant with health information.  Then I'm equally amazed at the priorities established by these same facilities for choosing "what" PHI to protect and what to essentially ignore.  Technology is intoxicating and it seems that we are seduced at every turn by the newest and latest tech-fix, particularly in health care. 

In the meantime, HHS continues to add to, update and publish its list of breaches affecting 500 or more individuals and no technology in the world would prevent 95% of those listed.  "What would?", you ask.  Common sense comes to mind right off the bat.  Records stolen from a dumpster?  Really?  Medical records stored in a common area under no better conditions than a farm tractor?  Really??  Unencrypted laptops simply walking away?  Granted, there is a little tech involved in encrypting a hard drive, but not so much...

Lets get the basics right first and I suspect that most data breaches will go away.  Mitigation of this liability isn't really that hard.  Vet your vendors.  Get your paper in order.  Convert and destroy those paper-based medical records allowed by law.  Stop faxing.  Make your vendors prove they are HITECH compliant.  Disable CD/DVD drives and USB ports.  Re-set PCs and laptops to strong, short time-out passwords.  The path to less worry and less exposure isn't embedded in a high-tech chip, it's embedded in low-tech common sense.  Read more...