The ‘headlines’ and ‘promotions’ I’ve seen over the last couple of days suggest that there’s a simple ‘checklist’ of things to do to solve the myriad of complex information privacy, security and compliance issues facing the healthcare industry. It’s almost like “if we could only get our hands on the Big Challenges Facing CISOs Today, we’d be all set.”
CEOs, don’t buy it, and don’t sell it to your board!
The truth is that your risk environment is a dynamic landscape, constantly changing and incompatible with a one-off “complete it and forget it” approach. The only safe method of risk management is one that adapts and evolves to cover inevitable changes in your organization.
From the last couple of days, here are some of the issues du jour!
- Social Media and Compliance: Overview for Regulated Organizations
- Lawmakers press HHS on HIPAA clarity for mobile app developers
- Email Encryption, the HITECH Act, and Preventing Data Breaches
- Network Security: Step Out of the Bull’s-Eye
- Next Generation Network Security Architecture for Healthcare
- Healthcare Information Management: A New Urgency
- Malware: Examining the Home Depot Breach
- Securing Identities for Enterprise Users, Devices and Applications
- HIPAA Audits: Documentation Is Critical
- Data Security for Mobile Users: One Size Does Not Fit All
- Securing Distributed Healthcare Networks for PCI DSS 3.0 and HIPAA Compliance
- Your Data Under Siege: Defeating the Enemy of Complexity
Wow! If only information security were that easy! It’s simply not.
CEOs, you need to lead in this critically important matter. The financial, operational, legal, regulatory, reputational and, therefore, strategic risks are game changers for leaders, their people, their customers and all their other stakeholders.
I call this “check-list” and “spot-welding” approach to privacy, security and compliance sheer madness. Your information assets are changing; your threats are changing; your vulnerabilities are changing; the controls available to you to deploy are changing. The only way you are going to stay on top of this constantly changing collection of ingredients in the risk equation is to establish, operationalize and mature your information risk management program.
We can assist you.
Some key points to remember as you consider your next steps:
- Forget the industry… you create, receive, maintain or transmit sensitive data! Stop splitting hairs over PHI, PII, credit card information, etc. It’s all sensitive. This data constitutes “information assets” that need to be safeguarded.
- Lessons from Target, Community Health Systems, Home Depot, JP Morgan, etc. are significant – pick your favorite and go to school on them!
- Information Risk Management, specifically risk analysis, is the place to start and, done properly, will produce a prioritized list of exposures for your organization, not your vendor’s favorite list.
- Most organizations struggle with information risk analysis & risk management; many are faking it or simply not doing it. It’s not rocket science, and you can learn enough to be a very effective leader in this area.
- We have information risk management solutions that meet all industry needs, and we can help you.
In an upcoming white paper, we will introduce the Clearwater Information Risk Management Capability Advancement Model™ and self-assessment tool for immediate adoption to assist organizations in building an efficient and effective risk management program best suited to their unique needs. Register now to receive your copy!
Privacy, Security and Compliance Risk Management Resources Available to You
Clearwater Compliance offers best-in-class HIPAA-HITECH Privacy, Security and Breach Notification software and services. Our years of direct front-line, real-world experience with deep privacy and security skill-sets will help you assess and implement the required people, process and technology controls cost-effectively.
Please avail yourself of any of these free resources which you may access now by clicking on the links below:
- Risk Analysis Buyer’s Guide
- Clearwater Compliance White Paper: Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater Recorded Webinar event entitled How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater HIPAA Security Risk Analysis™ software DataSheet
- Clearwater HIPAA Security Risk Analysis™ software Free Trial for qualified organizations
- AboutHIPAA.com Risk Analysis Resources
Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.