Healthcare Information Security Today: 2014 Survey Results and Analysis
What are the top challenges in complying with the HIPAA Omnibus Rule? What steps are healthcare organizations taking to prevent breaches? And what are the top data security priorities for the year ahead? For answers to these questions and many more, check out the Healthcare Information Security Today webinar. Howard Anderson, news editor at Information Security Media Group, presents an overview of the survey's top findings, then leads an expert panel in a discussion of key topics. The sponsor of the survey is (ISC)².
The panelists include: Michael Bruemmer, vice president of Experian Data Breach Resolution; Bob Chaput, CEO at Clearwater Compliance; and Brian Evans, a principal security and privacy consultant at Tom Walsh Consulting. They'll address critical issues, including:
- What's the best approach to revamping breach notification strategies in light of the HIPAA Omnibus Rule?
- Which security technologies will prove to be most critical in helping healthcare organizations safeguard information in 2014?
- How can CISOs build support among executives and board members for investments in information security?
Healthcare organizations face the ongoing challenge of ensuring patient information is adequately protected. And as federal regulators step up enforcement of privacy and security requirements under the new HIPAA Omnibus Rule, there's a growing sense of urgency. But what are the key action items for 2014?
In an overview of the Healthcare Information Security Today survey results, Howard Anderson, news editor at Information Security Media Group, covers a broad range of issues:
HIPAA Omnibus Rule Compliance
Enforcement of the rule began last September. But healthcare organizations are still dealing with several key compliance challenges, including training their workforces and revising business associate agreements.
Top Security Priorities and Investments
Top priorities for 2014 include improving regulatory compliance, boosting staff members' security awareness and preventing and detecting breaches. Top planned investments are an audit tool or log management system, e-mail encryption and a mobile device management system.
Perceived Security Threats
Mistakes by staff, the growing use of mobile devices and business associates with inadequate security are far bigger perceived security threats to healthcare entities than hackers. This makes sense, given that a majority of major breaches have involved lost or stolen unencrypted devices.
Breach Prevention Efforts
Top breach prevention strategies include stepping up training on privacy and security issues and implementing an audit tool to enhance detection of unauthorized access.
Despite all the news about breaches involving lost or stolen mobile devices, only 44 percent of respondents have applied encryption to these devices. And only about a third say encrypting mobile devices is a top priority for this year. The survey also reveals other encryption trends.
Following the survey overview, Anderson convenes a discussion of the findings with a panel of experts.