Information security and cyber risk management have become essential components of ensuring patient safety. Concurrently, the threat environment for healthcare organizations has significantly changed and expanded. The net effect of these developments is that traditional approaches to patient safety and information security may not be aligned with the current threat environment, which can lead to gaps in how patient safety and medical data are protected.

In response, healthcare organizations are implementing not only new methods to protect patients and systems, but also new models for their patient safety, information security, and risk management efforts. One effective model is to implement an organizational structure that combines patient safety, information security, and risk management authority. Coupled with adoption of the NIST information risk management (IRM) approach, this structure will enable organizations to develop the comprehensive outlook that the fast-evolving threat environment requires and to keep gaps from emerging between efforts to protect patient safety and efforts to protect information. The NIST IRM approach provides a standardized framework, process, and maturity model that is highly appropriate and adaptable for healthcare organizations.

Read the entire article at The Compliance and Ethics Blog.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.