Backing Up the Back-up Tapes: a Privacy/Security Concern for All Entities
By Eve Collins - November 2, 2011

The largest health care data breach on record occurred recently when a thief made off with back-up tapes — items commonly used by hospitals and other providers to store patient data. Experts say covered entities and business associates should ensure the tapes are secured, both by encryption and by more physical means.

The tapes contained information on 4.9 million TRICARE (the government health plan that covers military personnel and their dependents) beneficiaries. They were stolen last month while in the possession of Scientific Applications International Corp., a TRICARE contractor.

The ironic part: The tapes were on their way to be encrypted so that the data could not be viewed, should they ever fall into the wrong hands. In notifying members of the breach, TRICARE deemed the risk of harm to be low because specialized equipment is needed to view the tapes. It opted not to offer credit monitoring services to the victims.

That fact seems to be at the heart of a $4.9 billion proposed class action suit ($1,000 per affected beneficiary), brought under the 1974 Privacy Act. TRICARE is also a HIPAA covered entity, and SAIC would be its business associate, but HIPAA provides no private right of action for individuals to sue. However, the HHS Office for Civil Rights investigates any breach that involves more than 500 individuals and can impose fines.

Are these tapes still a reliable option to save data?

Is it feasible to stop using them?

Besides encryption, what are some ways to protect them?

It's quick and easy to sign up for FREE access to!

Why do I need to register?

About the AIS Bloggers
Managing Editor, Health Plan Week
View Steve's Profile
Managing Editor, Medicare Advantage News
View Lauren's Profile
Managing Editor, Specialty Pharmacy News and Drug Benefit News
View Angela's Profile
Managing Editor, Report on Medicare Compliance
View Nina's Profile
Editor, Report on Patient Privacy and Report on Research Compliance
View Theresa's Profile
President & Publisher
View Rick's Profile