TRENDING:

The Security Scrutinizer with Howard Anderson

Health Info Security at a Turning Point

Survey Shows Improved Compliance and Training Are Now Priorities Howard Anderson (ismg_editor) • November 11, 2011    

The survey found that the No. 1 security priority for the year ahead is improving regulatory compliance. And attorney Adam Greene says that signals we're at a turning point. "Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security," he says.

Ramped up enforcement of the Health Insurance Portability and Accountability Act's privacy, security and breach notification rules is a big catalyst for compliance, Greene adds. He formerly was an official at the HHS Office for Civil Rights, which enforces HIPAA. "It's becoming increasingly clear that the age of strictly voluntary compliance with respect to HIPAA has come to an end, and the threat of expensive settlements and corrective action plans with federal and state regulators is becoming an increasing reality," he says.

Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security. 

The survey also shows that 43 percent of organizations expect the percentage of their IT budget devoted to security to increase in the year ahead.

"I'm not surprised by the expectation that IT security budget funding will increase," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center. "As healthcare leaders discover how much more vulnerable their information systems are, and the real costs for breaches, the return on investment calculus is shifting."

The survey also shows improving security awareness and education for physicians, staff, executives and board members is a top priority for the year ahead. That's not surprising, given that 43 percent graded their training efforts as poor, failing or in need of improvement.

"A lot of organizations did their initial HIPAA training as required, and that was pretty much the extent of the training they offered," Terrell Herzig, information security officer at UAB Health System in Birmingham, Ala., says. So it's time for these organizations to launch comprehensive training initiatives to help improve compliance and prevent breaches.

In addition to the insights provided in the three interviews, you can hear more analysis in a panel discussion included in an upcoming free webinar about the survey.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Case Study: Tackling CIAM Challenges During the Pandemic
Case Study: Tackling CIAM Challenges During the Pandemic
Fraud and Defenses: Evolving Together
Fraud and Defenses: Evolving Together
Protect the Brand: Online Fraud and Cryptocurrency Scams
Protect the Brand: Online Fraud and Cryptocurrency Scams
Securing Your Building Management System
Securing Your Building Management System
Can Evidence Collected by Cellebrite's Tools Be Trusted?
Can Evidence Collected by Cellebrite's Tools Be Trusted?
Analysis: 'Cybersecurity Call to Arms'
Analysis: 'Cybersecurity Call to Arms'
Why a Lab Launched a Vulnerability Disclosure Program
Why a Lab Launched a Vulnerability Disclosure Program
Healthcare Risks: Unprotected Databases, 'Shadow IT'
Healthcare Risks: Unprotected Databases, 'Shadow IT'
Assessing Whether a Nation-State Had a Role in Pipeline Attack
Assessing Whether a Nation-State Had a Role in Pipeline Attack
Supreme Court Ruling in Facebook Case: The Implications
Supreme Court Ruling in Facebook Case: The Implications

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.