The newly released Third Annual Benchmark Study on Patient Privacy & Data Security, by the Ponemon Institute, reveals that 94 percent of healthcare organizations surveyed suffered at least one data breach during the past two years.
The findings highlight the need for organizations to act now to secure PHI and protect patient privacy.
Organizations are not breach-proof. They require an ongoing approach to minimize the frequency, size, and impact of breaches.
We recommend that healthcare organizations:
1. Operationalize pre-breach and post-breach processes, including incident assessment and incident response procedures. Embedding breach-related processes into everyday business demonstrates what we call a culture of compliance—something regulators love to see.
2. Restructure the information security function to report directly to the board. This move symbolizes a commitment to patient data privacy and security.
3. Conduct combined privacy and security compliance assessments annually. These assessments identify the gaps between an organization’s privacy and security profiles and what the law requires.
4. Update policies and procedures to include mobile devices and BYOD. This is especially critical since, as we discussed, the vast majority of organizations permit employees and medical staff to use their own mobile devices to connect to their networks or enterprise systems such as email.
5. Ensure the Incident Response Plan (IRP) covers business associates, partners, and cyber insurance. An effective IRP encompasses third-party contingencies and the role of cyber insurance in managing a security or privacy incident.
Organizations need to commit to this problem and make significant changes. These five steps are a good beginning.
Read More at: http://www2.idexpertscorp.com/ponemon2012/