Health Info Security at a Turning PointSurvey Shows Improved Compliance and Training Are Now Priorities
The survey found that the No. 1 security priority for the year ahead is improving regulatory compliance. And attorney Adam Greene says that signals we're at a turning point. "Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security," he says.
Ramped up enforcement of the Health Insurance Portability and Accountability Act's privacy, security and breach notification rules is a big catalyst for compliance, Greene adds. He formerly was an official at the HHS Office for Civil Rights, which enforces HIPAA. "It's becoming increasingly clear that the age of strictly voluntary compliance with respect to HIPAA has come to an end, and the threat of expensive settlements and corrective action plans with federal and state regulators is becoming an increasing reality," he says.
Executives are seeing large breaches of patient data on front pages, and it is suddenly becoming a much stronger incentive for them to allocate resources to information security.
The survey also shows that 43 percent of organizations expect the percentage of their IT budget devoted to security to increase in the year ahead.
"I'm not surprised by the expectation that IT security budget funding will increase," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center. "As healthcare leaders discover how much more vulnerable their information systems are, and the real costs for breaches, the return on investment calculus is shifting."
The survey also shows improving security awareness and education for physicians, staff, executives and board members is a top priority for the year ahead. That's not surprising, given that 43 percent graded their training efforts as poor, failing or in need of improvement.
"A lot of organizations did their initial HIPAA training as required, and that was pretty much the extent of the training they offered," Terrell Herzig, information security officer at UAB Health System in Birmingham, Ala., says. So it's time for these organizations to launch comprehensive training initiatives to help improve compliance and prevent breaches.
In addition to the insights provided in the three interviews, you can hear more analysis in a panel discussion included in an upcoming free webinar about the survey.