Training is also important for all employees who touch PHI and sensitive personal data, both internally and for vendors who perform group health and wellness program functions, Faifer says.
“Any industry must be aware that this kind of data lives in their organization, as well as how it’s processed through its various stages of use in the organization and where it goes outside the organization,” Widup says. “Make sure it has controls in place all the way along. If they haven’t done that with this kind of data, then I can pretty much guarantee that it has been exposed someplace that they don’t know about.”
Sign up for CIO Asia eNewsletters.