Secure Messaging Can Prove a Breach Did Not Occur


Fingerprint by CPOA 2.15.13

One of the challenging aspects of security is that even what constitutes a breach is debatable. For example, if an email with confidential information is sent to the wrong person and the email was recalled before the recipient could read it, is it a breach? It’s a grey area. Legal counsel should be consulted to help make the determination; however, there’s an emerging legal precedent that may be starting to clarify such situations.

A California appeals court has dismissed several class action lawsuits seeking $4 billion in damages against Sutter Health for a stolen laptop that had PHI on over 4 million patients. Court documents said that the individuals “failed to state a cause of action under the Confidentiality Act because they [did] not allege that the stolen medical information was actually viewed by an unauthorized person.” The recent HIPAA Omnibus Update also states that if a covered entity or business associate can demonstrate a low probability that the PHI has been compromised using a four-factor risk assessment, then breach notification is not necessary.

This is really good news for organizations because those that make proactive investments in security solutions are given more leeway to avoid the damaging repercussions of a breach. Cirius can arm you with tools to prove a potential breach has not occurred. Time-stamped real-time tracking can prove exactly what actions were or were not taken on an email; message recall can wipe the email from a recipient’s machine without their permission; and ‘For Your Eyes Only’ (F.Y.E.O.) password protection can provide another layer of protection and proof that a message or attachment has or has not been accessed.

With the real threat of billion-dollar lawsuits such as the one Sutter Health faced, tools like secure messaging are a must-have.