DOWNLOAD: HITECH Terminology Quick Reference
Make sense of the alphabet soup of acronyms
For those of us who tend to think that data breaches happen far away and to everyone else comes this reminder from the public radio station right here in IT Business Edge's hometown of Louisville, Ky.
WFPL News reports the University of Louisville has alerted roughly 700 patients in the university's kidney dialysis program that personal information, including their names and Social Security numbers, was briefly accessible outside of the program. University spokesman Mark Hebert explained the information was not password protected and was leaked to "the public domain on the Internet."
Fortunately, no instances of identity theft have yet been reported as a result of the breach. But no harm doesn't always mean no foul where data breach is concerned, especially since this one could have been prevented with just a password. The university could have saved itself the embarrassment - not to mention the cost of credit monitoring times 700 - by adding password protection.
What makes this particular breach an even better example of what to avoid is that it also put health information at risk. Now that the HITECH Act has added teeth to HIPAA's privacy and security enforcement provisions, health care organizations and their business associates are also responsible for protecting patients' personally identifiable health information.
If regulators were to look into this breach, I'm guessing it wouldn't sit well that this particular program wasn't even password protected.