Information Security and Privacy: A Component of the Hospital Risk Management Program
Author:
Craig Lindner, Jason Fortin and Fran Turisco
Summary:
In healthcare, the traditional security risks of inappropriate access to paper sources of sensitive information have been compounded by widespread transmission of information - within and outside of the organization - enabled by remote electronic access and mobile computing. This all adds up to many more opportunities for unauthorized internal and external parties to obtain information they shouldn't. The typical approach taken to manage information security risk has been reactive to new threats and regulations, and it is not working.
Post-HIPAA, hospitals have ramped up awareness, policies and procedures considerably. However, there are still significant gaps in identifying risks, implementing security and privacy policies and practices, and understanding current threats.
This white paper discusses the functions, governance and interactions of a comprehensive, proactive information security management program that encompasses the processes and governance structure to:
- Perform formal risk assessments
- Identify and prioritize potential threats and vulnerabilities
- Implement reasonable and appropriate security controls
- Proactively monitor the effectiveness of the program and make improvements as needed
The paper also identifies critical success factors and provides practical advice for getting started.