Responding to market demand is ISACA, the non-profit security organization, which launched the Certified in Risk and Information Systems Control certification for IT risk professionals early this year.
Educating staff about keeping protected health information off social media should be a high priority, much like education about sexual harassment, discrimination or any other behavior with zero tolerance.
Debbie Christofferson has worked in IT and information security for many years. And if there's anything she's learned about risk management, it's this: It's all about risk. "All of your decisions about information security should be based on risk to the organization."
A total price tag of nearly $1 billion for dealing with the aftermath of major breaches reported to federal authorities so far should motivate healthcare organizations to take aggressive steps to improve security, one analyst advises.