TRENDING:

The Security Scrutinizer with Howard Anderson

Health Info Security at a Turning Point

Survey Shows Improved Compliance and Training Are Now Priorities Howard Anderson (ismg_editor) • November 11, 2011    

The survey found that the No. 1 security priority for the year ahead is improving regulatory compliance. And attorney Adam Greene says that signals we're at a turning point. "Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security," he says.

Ramped up enforcement of the Health Insurance Portability and Accountability Act's privacy, security and breach notification rules is a big catalyst for compliance, Greene adds. He formerly was an official at the HHS Office for Civil Rights, which enforces HIPAA. "It's becoming increasingly clear that the age of strictly voluntary compliance with respect to HIPAA has come to an end, and the threat of expensive settlements and corrective action plans with federal and state regulators is becoming an increasing reality," he says.

Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security. 

The survey also shows that 43 percent of organizations expect the percentage of their IT budget devoted to security to increase in the year ahead.

"I'm not surprised by the expectation that IT security budget funding will increase," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center. "As healthcare leaders discover how much more vulnerable their information systems are, and the real costs for breaches, the return on investment calculus is shifting."

The survey also shows improving security awareness and education for physicians, staff, executives and board members is a top priority for the year ahead. That's not surprising, given that 43 percent graded their training efforts as poor, failing or in need of improvement.

"A lot of organizations did their initial HIPAA training as required, and that was pretty much the extent of the training they offered," Terrell Herzig, information security officer at UAB Health System in Birmingham, Ala., says. So it's time for these organizations to launch comprehensive training initiatives to help improve compliance and prevent breaches.

In addition to the insights provided in the three interviews, you can hear more analysis in a panel discussion included in an upcoming free webinar about the survey.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Banking on Cloud Security
Banking on Cloud Security
Analysis: Are Marriott and BA's GDPR Fines Big Enough?
Analysis: Are Marriott and BA's GDPR Fines Big Enough?
Using an 'Intrinsic Security' Approach
Using an 'Intrinsic Security' Approach
Why Banks Need to Invest in Monitoring
Why Banks Need to Invest in Monitoring
Analysis: Cybersecurity Challenges Facing New President
Analysis: Cybersecurity Challenges Facing New President
Christopher Krebs Describes Accomplishments
Christopher Krebs Describes Accomplishments
Using Advanced Tools to Tackle Hidden Fraud
Using Advanced Tools to Tackle Hidden Fraud
Analysis: Threat Landscape Report
Analysis: Threat Landscape Report
Healthcare Supply Chain Security: Updated Guidance
Healthcare Supply Chain Security: Updated Guidance
Avoiding Medical Device Security Mistakes
Avoiding Medical Device Security Mistakes

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.