Healthcare organizations must comply with federal HIPAA regulations to protect patient data. But the ever-changing threat landscape requires more robust security risk management programs that can defend against the unknown. So how are healthcare entities doing with their regulatory compliance, and beyond that, their efforts to strengthen overall security and privacy of health data, including preventing and detecting breaches?
We conducted our fourth annual Healthcare Information Security Today survey to find out.
The 2015 survey sheds light on seven hot topics:
- Top Threats: Today's Worries and What's on the Horizon
- Breach Trend Analysis: Concerns About Business Associates
- Compliance Efforts: Reality Check Needed
- Mitigating Risks: Still A Long Way to Go
- Governance: Choosing a Framework
- Top Priorities and Budget Trends
- Staffing: Role of CISO, Skills Sought
For instance, our survey found that nearly 80 percent of respondents were confident or very confident that their organization would "pass" the scrutiny of a Department of Health and Human Services random HIPAA compliance audit with only minimal issues noted.
How confident is your organization that it would "pass" an HHS Office for Civil Rights HIPAA compliance audit with only minimal non-compliance issues noted?
But are these organizations really making all the right compliance moves, let alone implementing more robust security risk management practices and technology?
Survey Results Webinar
A free webinar presents an overview of the survey's top findings and includes a panel discussion featuring analysis by three experts: Geoffrey Bibby, vice president of corporate marketing, ZixCorp; Michael Bruemmer, vice president of Experian Data Breach Resolution; and Scott McLeod, director of product marketing, Caradigm.
A critical step that more healthcare organizations must take to improve their information security programs is to prepare for the changing threat landscape, especially hacker attacks, advises security expert Tom Walsh.
Although the 2015 Healthcare Information Security Today survey shows improving regulatory compliance is priority No. 1, CISO Cris Ewell of Seattle Children's Hospital suggests building a strong information security program should be a higher priority.
Many covered entities aren't taking the steps needed to reduce the risks involved when business associates access protected health information, says attorney David Holtzman, who analyzes results of the Healthcare Information Security Today survey.
In addition to providing training, healthcare organizations should consider implementing technology to help prevent user mistakes that can lead to breaches of protected health information, says Geoffrey Bibby of ZixCorp.
Because healthcare organizations are juggling so many information security, privacy and regulatory demands, hiring individuals with key professional certifications who can help optimize limited resources is critical, says security expert Steven Penn.
While federal regulators flesh out details of a 10-year roadmap for electronic health record interoperability, which would pave the way for national data exchange, some senators are demanding that more attention be paid to the plans for security and privacy of patient data as it's shared among healthcare providers.