What's Wrong With Relying on HIPAA Compliance?
CISO Jennings Aske on the Need to Use a Comprehensive Framework
Healthcare organizations that rely too heavily on HIPAA compliance are coming up short when it comes to security, says Jennings Aske, an attorney who is CISO at New York-Presbyterian, an academic medical center. A far better approach, he says, is to rely on the National Institute of Standards and Technology's cybersecurity framework or other comprehensive frameworks.
In a video interview at Information Security Media Group's recent Fraud and Breach Prevention Summit in Chicago, Aske discusses:
- Why focusing solely on HIPAA compliance is short-sighted;
- How to leverage the NIST framework in the current threat environment;
- The importance of risk assessments.
Before joining New York-Presbyterian, Aske was vice president of information security and chief security officer at Nuance Communications and served as CISO at Partners Healthcare, UMass Memorial Hospital and the Commonwealth of Massachusetts's Executive Office of Health and Human Services.