There’s an ever-increasing number of threats to healthcare information. Healthcare information is more valuable and visible than ever and, at the same time, more vulnerable than ever. You feel responsible and, as the CISO, you are responsible for its security. Conducting a comprehensive, bona fide risk assessment can be an effective first step in building credibility with the executive team and board and, therefore, in building a business case for cybersecurity investments in your organization. In addition to conducting the risk assessment, you should:
- Find a sponsor on the executive team to use as a sounding board on risk appetite, on whether the supporting information is sufficient and understandable, and on your recommendations for mitigating risks.
- Build a cross-functional team to help identify and respond to threats and vulnerabilities, including representatives from any function that has access to protected health information (PHI) or is involved in the procedures for granting or terminating access to PHI.
- Change the technology language you and your team use from “compliance and information security” to “patient safety and quality of care”: these words will resonate more with CEOs and the other functional leaders you’ll want on your side.
Read the entire article at Healthcare Informatics.
Posted by Bob Chaput.