Back Thru The Future’s SHE Plus service was specifically designed to provide health service providers with auditable proof of the implementation of an important component of a “device and media control system” as required under HITECH. This is a highly affordable service that relieves your IT department of the challenging administration of properly sanitizing data media that is to be disposed of.
The significant increase in reported data breaches by hospitals and the large fines being levied by the DHSS serve as notice that the government is serious about ePHI security and will force hospitals to prove they have taken all necessary steps to secure ePHI.
It should be noted that recent surveys questioning the causes of hospital ePHI data breaches show that nearly 50% of the breaches are caused by the loss of mobile data storage devices or data media. Failure to implement a well-constructed “device and media control system” represents a sure way to incur a large fine from an OCR HIPAA audit.
HITECH has provided health services organizations with tools to manage the “Data Breach Notification” liability. These tools are called “Data Breach Notification” exclusions for secured data. Secure data is defined as encrypted data or data that has been sanitized utilizing the NIST “Guidelines for Media Sanitization”.
Back Thru The Future’s SHE Plus service utilizes NIST-approved sanitization methods applied within your security perimeter under IT management control. SHE services are provided on a predetermined schedule selected by IT management and represent the proof of your “routinely” following your data sanitization policy. SHE services also include the employee security training that is required for your “device and media control” policy.
See our White Papers
NIST “Guidelines for Media Sanitization”
HIPAA 45 CFR parts 160 and 164 “Breach Notification”: What you need to know