The Value of Protected Health Information (PHI)

In our last blog, we discussed the importance of personally identifiable information (PII). This week our focus is PHI, or protected health information. PHI includes patient names, medical records, addresses, social security numbers and email addresses. While PHI is addressed by HIPAA and HITECH acts, breaches still occur. One such occurrence is the recent Anthem breach, which exposed 80 million client records. Anthem is the largest for-profit managed health care company in the Blue Cross and Blue Shield Association.

People who had previously been insured with Blue Cross decades ago received letters warning them their sensitive data had been exposed. Since then, stolen identities and fraudulently filed tax returns have been linked to this breach.

Due to the sensitive nature of medical records, breaches could diminish trust in doctor/patient confidentially. Some speculate patients could withhold health concerns or conditions for fear of the information going public. Anthem, and other breached companies, are now tasked with repairing brand damage and winning back lost clients.

In the case of a credit card breach, the financial institution can send a new card with different numbers. However, medical records cannot simply be reissued or changed. This is why some consider PHI to be 50 times more valuable to thieves than credit cards.

According to CNBC and Reuters, “Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.”

So how do we adequately safeguard this data from cyber thieves?

Tokenization has become the gold standard for protecting sensitive data. Tokenization takes a real value (SSN, date of birth, etc.) and replaces it with a surrogate value. Tokens cannot be reverse engineered and the data itself resides off site entirely. Paymetric’s tokenization solution, XiFlex™ powered by XiSecure™, gives organizations the adaptability necessary to protect any type of sensitive information residing within the enterprise. Read more about our proprietary solutions here.

To learn more about protecting sensitive data, you are welcome to join our upcoming webinars:

Securing Sensitive Data and PII within SAP® – Thursday, April 30th 2:00-3:00pm

Securing Sensitive Data and PII within Oracle®EBS – Tuesday, May 12th 2:00-3:00pm