Information security and cyber risk management has become an essential component of ensuring patient safety. Concurrently, the threat environment for healthcare organizations has significantly changed and expanded. The net effect of these developments is that traditional approaches to patient safety and information security may not be aligned with the current threat environment, which can lead to gaps in how patient safety and medical data are protected.

In response, healthcare organizations are implementing not only new methods to protect patients and systems, but new models for their patient safety, information security, and risk management efforts. One effective model is to implement an organizational structure that combines patient safety, information security, and risk management authority. Coupled with adoption of the NIST information risk management (IRM) approach, organizations will be able to develop the comprehensive outlook that the fast-evolving threat environment requires and deter gaps from emerging between efforts to protect patient safety and information. The NIST IRM approach provides a standardized framework and process and maturity model that is highly appropriate and adaptable for healthcare organizations.

Read the entire article at The Compliance and Ethics Blog.

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.