The Security Scrutinizer with Howard Anderson

Health Info Security at a Turning Point

Survey Shows Improved Compliance and Training Are Now Priorities

The survey found that the No. 1 security priority for the year ahead is improving regulatory compliance. And attorney Adam Greene says that signals we're at a turning point. "Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security," he says.

Ramped-up enforcement of the Health Insurance Portability and Accountability Act's privacy, security and breach notification rules is a big catalyst for compliance, Greene adds. He formerly was an official at the HHS Office for Civil Rights, which enforces HIPAA. "It's becoming increasingly clear that the age of strictly voluntary compliance with respect to HIPAA has come to an end, and the threat of expensive settlements and corrective action plans with federal and state regulators is becoming an increasing reality," he says.

The survey also shows that 43 percent of organizations expect the percentage of their IT budget devoted to security to increase in the year ahead.

"I'm not surprised by the expectation that IT security budget funding will increase," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center. "As healthcare leaders discover how much more vulnerable their information systems are, and the real costs for breaches, the return on investment calculus is shifting."

The survey also shows that improving security awareness and education for physicians, staff, executives and board members is a top priority for the year ahead. That's not surprising, given that 43 percent graded their training efforts as poor, failing or in need of improvement.

"A lot of organizations did their initial HIPAA training as required, and that was pretty much the extent of the training they offered," Terrell Herzig, information security officer at UAB Health System in Birmingham, Ala., says. So it's time for these organizations to launch comprehensive training initiatives to help improve compliance and prevent breaches.

In addition to the insights provided in the three interviews, you can hear more analysis in a panel discussion included in an upcoming free webinar about the survey.

About the Author

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
