CISOs: Top 3 Challenges for 2014

A Discussion of Pivotal Healthcare Privacy, Security Issues
CISOs: Top 3 Challenges for 2014
Nadia Fahim-Koster
Compliance with the HIPAA Omnibus Rule, especially when dealing with business associates, is the No. 1 challenge for healthcare CISOs in 2014, says security expert Nadia Fahim-Koster. But what are the other top challenges?

The HIPAA Omnibus Rule creates a number of new requirements for covered entities and especially business associates, who are now directly liable for HIPAA compliance, Fahim-Koster notes.

"Healthcare CISOs have to keep up with the business associate compliance requirements," she says. "They have to make sure they've fully documented assessment of the business associates ... And business associates also need to make sure they have all their processes in place in regards to privacy and security."

In an interview with Information Security Media Group, Fahim-Koster, a security consultant who formerly was executive director of information security and compliance at Piedmont Healthcare in Atlanta, says two other challenges for CISOs in the year ahead are mobile security and secure health information exchange.

"Privacy and security of mobile applications are a challenge, but incorporating patient-provided information into the medical record from those mobile apps can be quite daunting," Fahim-Koster says.

And as more healthcare providers express interest in sharing patient information via text messages, that creates new privacy concerns, she explains, especially when there's no mechanism that allows texted information to securely land directly into electronic health records.

With health information exchange organizations springing up across the country, "CISOs really need to get in front of the privacy and security challenges of integration of systems internally and with ... exchanges," she says. Exchanging patient records raises new issues, including how to obtain patient consent as well as how to segregate the most sensitive data, such as mental health and substance abuse information, she says.

In the interview, Fahim-Koster also discusses:

  • What aspects of HIPAA Omnibus compliance are giving covered entities and business associates the most trouble;
  • Tips for breach prevention;
  • What technologies should be on the priority lists of healthcare CISOs in the year ahead.

Fahim-Koster, who has 16 years of healthcare industry experience, joined Meditology Services, an Atlanta-based healthcare consulting firm, in October at its director of IT risk management. Previously, she was the executive director of information security and regulatory compliance for Piedmont Healthcare. Earlier, Fahim-Koster was information privacy and security director at Gwinnett Medical Center in Lawrenceville, Ga.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.