This webinar is part of the PPN (PHI Protection Network) Webinar Series.
More and more, healthcare organizations are being targeted by bad actors focused on compromising the confidentiality, integrity and availability of health information for financial gain. The rapidly growing ecosystem of organizations supporting the healthcare industry and the increasing number of attack surfaces has made healthcare a soft target for those focused on exploiting our vulnerabilities. The challenge is the lack of funding for identifying, prioritizing and implementing necessary safeguards and controls to reduce the risks to health information.
Leadership must be convinced that an investment in those safeguards and controls is an investment in damage control to the reputation and financials of the organization. Those directly responsible for information risk management must adopt and present to leadership a methodology that details the return on that investment that funds the expenditure. Once the argument is made and approved, the resulting initiatives in information protection that are implemented will strengthen the resilience of, and minimize the adverse impact on, the organization.
The methodology discussed in this webinar, and outlined in the 2012 report sponsored by ANSI “The Financial Impact of Breached Protected Health Information, A Business Case for Enhanced PHI Security”, has proven to be successful in obtaining funds for information protection. In particular, in a real-life example, one Chief Risk Officer describes her approach to the development of such a business case and the resulting investments that were approved for her organization’s information risk management program as described in the update to the 2012 paper: The Financial Impact of Breached Protected Health Information: 2017 Update.
- How the rollout in 2013 of the PHIve tool increased understanding of the financial impact of a PHI breach
- The process for evaluating and recommending the appropriate investments necessary to mitigate the risk of a data breach
- The funds that were approved and the investments made, including the adoption of a process for incorporating privacy and information protection by design.
Date & Time
November 14, 2017
Have you read the latest PHI Protection Network White Paper?
A must read for Healthcare Leaders!