1. Adopt a top-down approach to risk management.
2. Leverage governance in risk management efforts for health IT security, privacy and compliance.
3. Adopt a layered cyberdefense strategy.
4. Include detection of and response to breaches in strategic health IT planning.
5. Use enterprise risk management as it relates to your health IT objectives.
6. Allocate enough resources to each data-based project.
7. Operationalize your incident response process.
8. Analyze past incidents to determine what was successful and what was not.
9. Determine incident root causes.
10. Keep staff trained and educated about data security.
More articles on health IT:
