TRENDING:

The Security Scrutinizer with Howard Anderson

Health Info Security at a Turning Point

Survey Shows Improved Compliance and Training Are Now Priorities Howard Anderson (ismg_editor) • November 11, 2011    

The survey found that the No. 1 security priority for the year ahead is improving regulatory compliance. And attorney Adam Greene says that signals we're at a turning point. "Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security," he says.

Ramped up enforcement of the Health Insurance Portability and Accountability Act's privacy, security and breach notification rules is a big catalyst for compliance, Greene adds. He formerly was an official at the HHS Office for Civil Rights, which enforces HIPAA. "It's becoming increasingly clear that the age of strictly voluntary compliance with respect to HIPAA has come to an end, and the threat of expensive settlements and corrective action plans with federal and state regulators is becoming an increasing reality," he says.

Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security. 

The survey also shows that 43 percent of organizations expect the percentage of their IT budget devoted to security to increase in the year ahead.

"I'm not surprised by the expectation that IT security budget funding will increase," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center. "As healthcare leaders discover how much more vulnerable their information systems are, and the real costs for breaches, the return on investment calculus is shifting."

The survey also shows improving security awareness and education for physicians, staff, executives and board members is a top priority for the year ahead. That's not surprising, given that 43 percent graded their training efforts as poor, failing or in need of improvement.

"A lot of organizations did their initial HIPAA training as required, and that was pretty much the extent of the training they offered," Terrell Herzig, information security officer at UAB Health System in Birmingham, Ala., says. So it's time for these organizations to launch comprehensive training initiatives to help improve compliance and prevent breaches.

In addition to the insights provided in the three interviews, you can hear more analysis in a panel discussion included in an upcoming free webinar about the survey.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

The Future SOC: Harmonizing Detection and Response
The Future SOC: Harmonizing Detection and Response
Proactive Mobile Threat Defense
Proactive Mobile Threat Defense
Analysis: The Significance of GDPR Fines
Analysis: The Significance of GDPR Fines
Battling Supply Chain Security Risks
Battling Supply Chain Security Risks
Will Cyberattacks Lead to Prolonged Conflicts?
Will Cyberattacks Lead to Prolonged Conflicts?
Tesla Vulnerability: A Bounty Hunter's Tale
Tesla Vulnerability: A Bounty Hunter's Tale
Security Solutions Planning: Right-Sizing Your Stack
Security Solutions Planning: Right-Sizing Your Stack
Huawei Policy: Why India Must Chart Its Own Path
Huawei Policy: Why India Must Chart Its Own Path
John Halamka: Mitigating Medical Device Security Risks
John Halamka: Mitigating Medical Device Security Risks
How Deception Technology Is Evolving
How Deception Technology Is Evolving

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.