Staying on top of the ever-increasing risks to data security is more than a full-time job. When your upper management team is aware of potential problems or risks, your organization has a better chance of planning for them. This is especially true if their approval is needed to implement the changes or procedures that will help your organization stay on top of information risk management.
Major intrusions into healthcare computer systems are now happening at the pace of two or three a day, as healthcare is now considered a top target. The speed of these attacks and the volume with which they are occurring is increasing significantly. A much more robust response across the U.S. government and private sector is required.
- Deputy Assistant Director, FBI Cyber Division, April 2015
Whether the problem arises internally from a disgruntled or careless employee, or the risk increases externally because a vendor or third-party service provider hasn't implemented its own information risk program, upper management may not realize how extensive these issues can be unless they are made aware of the risk.
So what’s the best way to navigate the challenge of reporting this information to your senior team in an effective way?
One way is to stay on top of the latest breach and enforcement activities so you can inform upper management on a regular basis of the risks to your information and the repercussions that may arise. Consider establishing a formal business associate (BA) management program that includes risk-rating your BAs according to, among other things, the amount and type of information they have, the sensitivity of that information and the criticality of those service providers to your organization.
You may want to start scheduling monthly or quarterly meetings with your senior team to detail recent security incidents or privacy violations at your organization or at your BAs, discuss the challenges, and provide recommendations on how to prevent or detect breaches before they create major problems. If you're concerned about keeping up to date on compliance regulations or on how to create a stronger information risk management program for your organization, your best bet is to obtain information from those at the forefront of minimizing threats to information security.
At our upcoming HIPAA Compliance and Information Risk Management BootCamp™, entitled Improved Quality of Care & Patient Safety through Better Information Risk Management, we will have a panel of experts in the field of information risk management. Our panel will consist of leading local and national Chief Information Security Officers, who will discuss the challenge of distilling volumes of risk data, including assets, threats, vulnerabilities, and risk itself, into presentable, actionable information for C-suites and boards of directors.
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.