Mobile App Helps Breach Assessments
Aids in Sizing Up Whether an Incident Must be ReportedA new application for Apple mobile devices is designed to help healthcare organizations assess whether an incident is a breach that must be reported under the breach notification rule mandated by the HITECH Act.
See Also: Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level
The new mobile HITECH Act Breach Notification Risk Assessment Tool was jointly developed by North Carolina Healthcare Information & Communications Alliance, a not-for-profit consortium, and Oak Grove Technologies, a small online training firm.
The app, which runs on iPhones, iPads and iPod Touches, enables users to provide answers to a series of questions to assess whether an incident is a reportable breach. The software provides a "total risk score" for the incident.
Questions include, for example: "Who was the recipient of the protected information," says James Zimmer, senior software engineer at Oak Grove Technologies. "Each question has a list of possible answers, and each answer has an internal risk score value," says Zimmer, the app's programmer.
In addition, the app can score the severity of the breach, determine required reporting actions for the incident and assist in record keeping. It enables the user to add basic report details, including the point of contact for the breach and the date of the event, Zimmer says.
The application also allows users to e-mail or text others within their organizations to notify them of the potential breach. But it does not provide a link to report a breach directly to the Department of Health and Human Services, and it's not designed to accommodate notification of breach victims.
In addition to running on Apple mobile devices, "we are assessing the demand for the app on other mobile devices," Zimmer adds.
The new app is an interactive, mobile version of the NCHICA Breach Reference Application, a reference available on the NCHICA website. It's available on iTunes for $1.99.