Deloitte’s report outlines a basic approach for healthcare industry stakeholders to assess their current preparedness across three key areas:
• Risk Management. Help identify and assess data security risks to develop appropriate security controls to mitigate or avoid risk. This allows healthcare organizations to make informed decisions on how to allocate security resources to improve data protection.
• Security and Privacy Program. Develop and implement policies, procedures and training needs to mitigate or avoid risk. This helps create a baseline for standards to secure handling of sensitive patient information and awareness of privacy and security procedures across the organization.
• Compliance. Maintain organization compliance to its policies and standards. This helps reduce organizational risk; create customer trust and confidence in an organization’s protection of personal health information; and reduce potential for financial penalties due to reasonable cause or willful neglect.
Read the Deloitte news release about preparedness for privacy and security risk.
Read other coverage about privacy and security in healthcare:
– HIT Policy Committee Favors Two-Factor Authentication for Remote Users
– 5 Reasons Hospitals Should Pay Attention to HIPAA Right Now
