Disclosure of Information Enforcement

Published by Joe D on

Disclosure of Information Enforcement

Information Security focuses on the controls necessary to limit access to sensitive information and reduce fault tolerance with the objective of preventing associated incidents and breaches.  However, at the same time we are working to reduce exposure, it is of vital importance to have this information available to disclose to the affected party, when it is requested.

Many regulations call for the ability to provide an individual’s personal information which may include Personally Identifiable Information and Protected Health Information.  In fact, over the last 4 months, The U.S. Department of Health and Human Services has settled over 10 cases with institutions who did not properly disclose health information, whether it was on an untimely basis or not at all, when it was requested by the data subject.  These settlements ultimately cost the institution millions of dollars, in some instances.

The Keys to Avoiding These Incidents:

  1. Understand the regulatory and customer requirements that affect your business.
  2. Ensure that you have proper policies and procedures in place that identify what is sensitive information and where it is located.
  3. Ensure that you have a proper procedure for handling requests and the subsequent approvals for the disclosure of an individual’s personal information.
  4. Periodically test the procedure to ensure that it operates as expected to prevent surprises at the time of an actual request. Adjust the procedure accordingly.
  5. Periodically review the policies and procedures to account for regulatory changes.
  6. Record and document all requests for disclosure of

Be aware of your Information Security Policies and Procedures.

Always consult your Privacy and Security Official with questions!

Share on facebook
Share on twitter
Share on linkedin
Categories: Bulletins

0 Comments

Leave a Reply