Clearwater Compliance, LLC has published a new white paper on the importance of adopting the National Institute of Standards and Technology (NIST) approach to Information Risk Management (IRM) to improve how sensitive information is safeguarded in the healthcare industry.
Specifically, the white paper “Harnessing the Power of the NIST Framework: Your Guide to Effective Information Risk Management” describes and recommends that organizations adopt and utilize these three components of the NIST IRM approach:
- NIST Cybersecurity Framework;
- NIST IRM Process; and,
- a Maturity Model.
The white paper presents this three-part NIST approach as a powerful, efficient and effective way for organizations to fortify their IRM programs and better protect all sensitive data from breaches. In addition to protected health information (PHI), healthcare covered entities and business associates create, receive, maintain or transmit many other sensitive data types, which the white paper addresses.
Importantly, the white paper presents a business case for healthcare executives and sets out practical next steps for adopting the framework, to help those in this industry establish, implement and mature a more strategic, business-oriented and architectural information risk management (IRM) approach and posture. It also provides them with access to numerous resources to assist them with making high-quality decisions about IRM investments.
Clearwater has released this white paper to inform executives and staff of the importance of having a strong IRM program. As the risks to data increase, information security also becomes more of a challenge.
Clearwater also aims to stress that information security is a complex, multifaceted challenge that requires participation across the entire organization.
“Too many organizations rely on checklists of controls; in some cases, they’re being bullied into using outdated checklists,” says Bob Chaput, Clearwater’s CEO and the white paper’s author. “Inherently incorrect in these controls checklists is their failure to consider other key elements of any robust IRM program: an organization’s unique information assets, threat sources, threat actions, and vulnerabilities.”
This new white paper focuses on why and how to establish, implement, and develop an organization’s information risk management program using the NIST approach. This ensures continuous improvement and the minimization of future risks. Given the increasing threats to sensitive information, healthcare organizations must elevate their IRM programs to safeguard all the sensitive, personal information with which they have been entrusted. The white paper can be downloaded for free here.
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.