ID Experts today announced RADAR (HITECH Data Breach Risk Assessment, Documentation and Reporting), the industry’s first expert software tool to measure a data breach incident’s risk index (IRI) by combining the severity of the episode and the sensitivity of the exposed data to quantify the incident’s overall harm threshold. Designed for healthcare providers, HIPAA covered entities, and their business associates, RADAR was developed to efficiently and consistently meet all of the requirements for complying with the HITECH Act data breach notification provisions for security and privacy breach incident harm threshold assessment, documentation and reporting.
Security breaches are now remarkably commonplace in healthcare; more than 55 were reported to the Department of Health and Human Services (HHS) in the first six months of 2010. In fact, healthcare is the second most breached industry, according to the Identity Theft Resource Center. And security breaches, whether digital- or paper-based, can happen at any given moment—physical theft of a laptop from an employee’s car, deliberate abuse of system access, misdirected faxes and emails, malware attacks, unintentional human error, unauthorized access, a lost backup drive. Additionally, the future of healthcare dictates the use of electronic medical records, raising fresh concerns of protecting patient privacy, PHI threats and medical identity theft.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, a leading researcher and voice in addressing data breach risks and issues, noted about RADAR that:
“Organizations may need guidance, especially when dealing with PHI breaches, so they cover their bases to protect individuals and follow all of the rules and laws. ID Experts’s RADAR new tool offers consistency and efficiency for evaluating and reporting a security breach, and provides the analysis and documentation required of a mandated risk assessment.”
Following any security breach, RADAR will guide the privacy or security officer to analyze the incident and exposed data to quantify the incident, determine whether the exposed information includes PHI, whether any exceptions apply, and the likelihood that the information could be misused. The results will help companies determine the potential risk of harm to the individuals affected by each data breach incident and take appropriate steps to mitigate the potential harm to those affected, while fulfilling all of the HITECH requirements enforced by the HHS, including determining if notification is required.
RADAR is current in beta test with several leading US healthcare providers and will be generally available in August, 2010. RADAR is available as software-as-a-service on a subscription basis with pricing starting at $1,500 per user per year.