Securing healthcare information beyond HIPAA compliance
Information security in the healthcare industry focuses on complying with HIPAA regulations rather than ensuring that healthcare information is really protected. This approach is tactical and sometimes shortsighted. Since most hospitals and healthcare organizations have CIOs and CISOs dedicated to data control, data governance, security and privacy, you would expect a more proactive approach. Unfortunately, most of these organizations continue to approach data security in a very reactive way and – though it may seem obvious to consumers – often do not have a clear understanding of the value of the data they are entrusted with.
Things are beginning to shift as more and more CEOs and their boards are being held responsible for the consequences of a data breach. Executives are now looking at cyberthreats as a major risk to their business. While compliance is still a major driver in healthcare, compliance does not equal security. Organizations that drive data security efforts based on compliance put their data at risk. Healthcare organizations need to take a more holistic and proactive approach in their data security strategy.