OHSU violates its patients’ HIPAA rights.
HIPAA violations are not taken lightly; whether it was your fault or not, your company could be held responsible for any data breach that compromises the private information of your customers. Oregon Health & Science University (OHSU) found this out the hard way. OHSU had to notify over 3,000 patients that their personal medical information was stored in Google Drive, a cloud system which reserves the right to access any of the stored information and use it to improve its services.
This is, of course, a violation of a patient’s right to confidentiality. OHSU insists that there is no evidence to suggest that any of the patient information was used for illegitimate purposes. But no matter the ramifications, a principle is at stake. Relentless investigators will come down hard on all parties involved in a data exposure that can erode the public’s sense of security.
Detailed contracts can be crucial protection after a data breach.
Citing the OHSU incident as a prime example, this article from CFO.com warns that every company must protect itself before electing to use a storage system provided by a third party such as Google Drive. Without a contract that stipulates exactly which party is responsible for each step in the security process, a company could legally be held responsible for any leak, even one caused by the cloud provider’s oversight.
That’s why experts advise companies to make security a top priority when negotiating such a contract. Make sure the language in the contract is consistent with your understanding of each side’s level of responsibility. Also, be sure that your own security system is fortified at every step of data storage and daily operation.
The CFO.com article goes on to point out that cloud providers do have their own security standards to comply with regardless of the nature of their contract with a client. Still, any data breach will likely leave the company paying dearly if there was no contract in place.
TechR2 establishes a culture of data security.
Each day there is more news of data breaches, investigations, and subsequent lawsuits. You could research all of these cases, try to learn from each one and ensure your own company doesn’t fall victim to the same pitfalls. You could do that. Or, at least, you could try.
Or you could hire the data destruction and security company that is most trusted by the International Organization for Standardization (ISO) to protect its own and its customers’ information. The evidence? TechR2 is the only company in the industry to achieve the ISO 27001 certification. Not one other data destruction company operates up to the ISO’s standards for information security. Sometimes the best business practices include simply not overlooking the most obvious choice.
TechR2 can audit your company’s entire data security system and identify all the holes that could lead to leaks and leave you liable after a breach. TechR2’s most advanced service facilitates the secure containment and onsite destruction of all retired IT assets. TechR2 even provides a certificate of destruction for each item. Your customers’ vital information will never fall into the wrong hands, and you’ll have the evidence to prove to an auditor that your company is doing all it can to ensure the security of itself and its customers.