To define “security” means being free from danger or threat; however to apply this definition to healthcare organizations is misleading. Many hospital security programs focus on achieving compliance with governmental rules and regulations as the catalyst to a well-defined information security program, but this may be a mirage. There is a distinct difference between achieving compliance and true information security.
The absence of a significant security breach within an organization may lead to a feeling of confidence even if unknown security risks still exist. This false confidence may be further perpetuated by the completion of a security risk assessment and the receipt of Meaningful Use payments. However, industry data tells a different story with possible dire consequences. In 2013, more than seven million patient health records were breached, which is a 138 percent increase over 2012; and the breach announcement by Community Health System in September 2014 has served as a true wake-up call to the importance of remaining vigilant in the protection of all information assets. These security breaches and other unplanned outages cost U.S. hospitals $1.6 Billion each year.
Remedying the healthcare industry’s current approach to information security will require a shift from a compliance mentality to a true focus on information and data security. There are several steps I’d recommend and to learn more, please see “Overcoming a False Sense of Security in Healthcare,” a recent white paper from Impact Advisors.
To learn more about Impact Advisors’ approach to conducting a security risk assessment, contact David Flynn at firstname.lastname@example.org.