The number of threats to healthcare information keeps growing. Healthcare information is more valuable and more visible than ever, and at the same time more vulnerable than ever. You feel responsible for its security, and as the CISO you are responsible for it. Conducting a comprehensive, bona fide risk assessment can be an effective first step in building credibility with the executive team and board and, therefore, in building a business case for cybersecurity investments in your organization. In addition to conducting the risk assessment, you should:

  • Find a sponsor on the executive team to use as a sounding board on risk appetite, on whether the supporting information is sufficient and understandable, and on your recommendations for mitigating risks.
  • Build a cross-functional team to help identify and respond to threats and vulnerabilities to include representatives from any function that has access to protected health information (PHI) or is involved in procedures for providing or terminating access to PHI.
  • Change the technology language you and your team use from “compliance and information security” to “patient safety and quality of care” – these words will resonate more with CEOs and other functional leaders you’ll want on your side.

Read the entire article at Healthcare Informatics.

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.