Are healthcare organizations doing a good job of protecting patient information? To find out, Healthcare Info Security conducted their inaugural Healthcare Information Security Today survey.
Their 34 page report includes survey results and commentary. It sheds light on five hot topics:
- Key Threats and Mitigation Steps
- Regulatory Compliance Issues
- Technology and Staff Resources
- Cloud Computing Concerns
- Business Continuity Planning
The survey shows improving regulatory compliance efforts ranks as the No. 1 information security priority for the year ahead. And the No. 1 technology investment priority is audit logs. Mobile security is also a high priority as well.
Download the report here.
One key finding:
– Only 74% of the 175 respondents have completed a HIPAA risk assessment
To help address this issue, Pondurance can facilitate and perform the following for our healthcare clients:
- Perform a HIPAA risk assessment using the Pondurance HIPAA/HITECH security assessment framework.
- Perform application interviews to understand the flow of Electronic Patient Health Information (ePHI).
- Perform interviews of information security, network and systems staff to understand the security controls protecting ePHI.
- Perform technical testing for critical applications to understand the security controls protecting ePHI.
- Perform technical testing of information security, network and systems to understand the security controls protecting ePHI.
- Perform management interviews in Information Technology, Information Security, Physical Security, HR, Disaster Recovery and Media Handling.
- Document findings in the Pondurance HIPAA/HITECH assessment report showing risk level, gaps in the HIPAA/HITECH security requirements and recommendations for remediation.
- Create an Executive Summary document and PowerPoint presentation summarizing the findings and recommendations.
- Provide our clients with general HIPAA/HITECH guidance and advice on their Meaningful Use application.
Furthermore, we can review PHI applications thoroughly from the perspective of source code and provide understanding of pertinent areas of the applications through threat modeling.
If you are in the 26% who haven’t yet done their HIPAA risk assessment, please contact us for a discussion on the topic.