Deloitte: Some Healthcare Organizations Ill-Prepared for Data Breaches

Some healthcare organizations are inadequately prepared for privacy and security risk due to lack of internal resources, internal control over patient information and upper management support; outdated policies and procedures or non-adherence to existing ones; and inadequate personnel training, according to a new report released by the Deloitte Center for Health Solutions.

Deloitte's report outlines a basic approach for healthcare industry stakeholders to assess their current preparedness across three key areas:

•    Risk Management. Help identify and assess data security risks to develop appropriate security controls to mitigate or avoid risk. This allows healthcare organizations to make informed decisions on how to allocate security resources to improve data protection.

•    Security and Privacy Program. Develop and implement policies, procedures and training needs to mitigate or avoid risk. This helps create a baseline for standards to secure handling of sensitive patient information and awareness of privacy and security procedures across the organization.

•    Compliance. Maintain organization compliance to its policies and standards. This helps reduce organizational risk; create customer trust and confidence in an organization's protection of personal health information; and reduce potential for financial penalties due to reasonable cause or willful neglect.

Read the Deloitte news release about preparedness for privacy and security risk.

Read other coverage about privacy and security in healthcare:

- HIT Policy Committee Favors Two-Factor Authentication for Remote Users

- 5 Reasons Hospitals Should Pay Attention to HIPAA Right Now

- PPR: Patient Security Lacking in Stage 2 Meaningful Use

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars