More than four million patient records have been exposed this past year because of security breaches, according to the Department of Health and Human Services. Security breaches in healthcare involving patients' protected health information (PHI) are now commonplace, whether due to stolen servers or laptops, patient files found in dumpsters, deliberate abuse of system access, unintentional human error, or organized cyber attacks. And at a time when federal medical privacy regulations are in flux, hospitals and medical practices can now turn to RADAR™, a new web-based tool developed by ID Experts®, when faced with any type of security incident involving patient data, and know they will be in compliance with the HITECH Act's risk assessment, documentation and reporting requirements.

Documenting, assessing, and reporting security incidents are not only necessary, they are required under the federal HITECH Act. RADAR risk assessment, documentation and reporting provides an overall incident risk index (IRI) based on the severity of the security incident and sensitivity of the compromised data. The tool gives organizations highly efficient and consistent processes for assessing whether the incident is a breach with potential for financial, reputational, and medical risk and harm to the affected individuals, in order to take necessary actions to protect patients and minimize medical identity theft and health care fraud.

"RADAR provides us consistency in assessing the specifics of privacy and security incidents experienced in our organization or by our business associates. In particular, it provides an objective, reproducible risk analysis of the significance of a breach or data loss incident, which helps inform our decision whether or not and if so, how to notify potential victims. However, it doesn't prescribe that we do, because it's flexible to our operational and situational realities," said David G. Parks, Operations Counsel, Regulatory Compliance and Privacy Officer, Alegent Health.

"We evaluated RADAR's capabilities and ID Experts was very receptive to our input--recognizing the evolving, regulatory environment. RADAR documents the incident details and tracks the breach notification progress, which addresses our comprehensive assessment needs in the immediate term, and it performs aggregate reporting to address our workflow needs in the future." Alegent Health is a top-ranked health care system with operations in Nebraska and Iowa.

"A security breach can paralyze an organization. Medical facilities want to do the right thing by their patients but often are not sure what to do first, especially with growing concerns about complying with federal laws," said Bob Gregg, CEO of ID Experts. "When a security incident is discovered, RADAR pinpoints the risks and whether any safe-harbor exceptions apply, so that organizations take the appropriate next steps to protect their patients and remain compliant."

v Source: ID Experts