Who wants to risk Health Data breaches?

Health data breaches are a concern for everybody involved in healthcare provision. Not only is patient privacy and trust impacted when data breaches occur, provider reputation can also be at stake and there may be substantial financial penalties. Facilities and providers continue to improve their privacy policies but still the Office for Civil Rights has recorded an average of 10.2 large-scale health data breaches per month this year. This is an improvement from last year when there were 12.8 per month and 2010 when there were 17.8 large-scale breaches per month.

A "large-scale" breach is one that affects the protected health information (PHI) of more than 500 individuals. These breaches are required by law to be published and an online list can be found here: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

Reviewing the causes of breaches, the majority involve people rather than technical security issues. Common themes involve unauthorized access and thefts rather than hacking attempts. Where hacking does occur it tends to involve smaller providers and smaller numbers of charts.


Securing your PHI is simplified with the PLATOCODE CAC solution, for a number of reasons:

1) No PHI is stored or accessed by human coders outside your direct control.

2) Apart from the moment of processing, PHI is fully encrypted while in PLATOCODE care. As soon as the CAC process is completed, results are returned and the PHI is discarded.

This means there is no designated dataset or potential source of breach outside the provider's control. Even if somebody were to breach the secure server center in downtown Los Angeles and steal a PLATOCODE server, there is no PHI on it.

3) The only place where PHI is stored for PLATOCODE use is on a database server controlled by the provider and with all its usual protections. If somebody were to breach this, the provider has a lot more to worry about than the CAC data.

4) PHI in the provider's PLATOCODE database is additionally encrypted. Even if a hacker can access the data directly, only chart numbers and basic demographic detail is readable.

5) You cannot access the PLATOCODE CAC application unless you are already logged into an abstractor, EHR or other repository. Somebody logged into such an application already has access to far more PHI that is to be found in the PLATOCODE database.

In summary, the PLATOCODE CAC system architecture minimizes risk for customers. There is no designated dataset and a combination of encryption and an excellent CAC engine that does not require outside human coders to supervize, provides an extremely safe environment.