This entry is part 6 of 9 in the series CEO-to-CEO

The ‘headlines’ and ‘promotions’ I’ve seen over the last couple of days suggest that there’s a simple ‘checklist’ of things to do to solve the myriad of complex information privacy, security and compliance issues facing the healthcare industry.  It’s almost like “if we could only get our hands on the Big Challenges Facing CISOs Today, we’d be all set.”

CEOs, don’t buy it, and don’t sell it to your board!

The truth is that your risk environment is a dynamic landscape, constantly changing and incompatible with a one-off “complete it and forget it” approach. The only safe method of risk management is one that adapts and evolves to cover inevitable changes in your organization.

From the last couple of days, here are some of the issues du jour:

Wow!  If only information security were that easy!  It’s simply not.

CEOs, you need to lead in this critically important matter.  The financial, operational, legal, regulatory, reputational and, therefore, strategic risks are game changers for leaders, their people, their customers and all their other stakeholders.

I call this “checklist” and “spot-welding” approach to privacy, security and compliance sheer madness.  Your information assets are changing; your threats are changing; your vulnerabilities are changing; the controls available for you to deploy are changing.  The only way you are going to stay on top of this constantly changing collection of ingredients in the risk equation is to establish, operationalize and mature your information risk management program.

We can assist you.

Some key points to remember as you consider your next steps:

  1. Forget the industry… you create, receive, maintain or transmit sensitive data!  Stop splitting hairs over PHI, PII, credit card information, etc.  It’s all sensitive.  This data constitutes “information assets” that need to be safeguarded.
  2. The lessons from Target, Community Health Systems, Home Depot, JP Morgan, etc. are significant; pick your favorite and go to school on it!
  3. Information risk management, and specifically risk analysis, is the place to start.  Done properly, it will produce a prioritized list of exposures for your organization, not your vendor’s favorite list.
  4. Most organizations struggle with information risk analysis and risk management; many are faking it or simply not doing it.  It’s not rocket science, and you can learn enough to be a very effective leader in this area.
  5. We have information risk management solutions that meet all industry needs, and we can help you.

In an upcoming white paper, we will introduce the Clearwater Information Risk Management Capability Advancement Model™ and self-assessment tool for immediate adoption to assist organizations in building an efficient and effective risk management program best suited to their unique needs.  Register now to receive your copy!


Privacy, Security and Compliance Risk Management Resources Available to You

Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.

Please avail yourself of any of these free resources which you may access now by clicking on the links below:

Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.


Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.