Every healthcare business is vulnerable and therefore needs an effective means to deal with ever-growing threats and challenges. In an interview with Healthcare Info Security, Lee Kim, the Director of Privacy and Security at HIMSS, discussed the issues faced by the healthcare industry and offered insights.
“Keeping track of where sensitive data is located, detecting breaches, and dealing with insider threats are amongst the most critical issues,” said Kim, who also stated that, unfortunately, organizations are most often not even aware that there has been a security incident. Moreover, the proliferation of mobile devices (smartphones, laptops, tablets, etc.), the use of outsourcing, and the growth of connected devices and systems make it hard for organizations to keep track of where information is. This creates huge vulnerabilities, opening doors to a significant number of threats. Hence, organizations need to understand how to keep information both private and secure while staying compliant with various regulations, including HIPAA.
In addition to this, Kim stated that healthcare entities also have to ramp up their breach detection efforts, because better breach detection can help identify security vulnerabilities that need to be addressed. Moreover, with increasingly sophisticated means for getting access to information, insider threats are becoming a growing concern for healthcare providers.
Challenges in Complying with HIPAA
According to Kim, one of the primary issues faced by the healthcare industry is that some providers are not prepared to comply with the HIPAA Omnibus rule and associated regulations. This is because of the lack of an organizational culture that promotes security and privacy measures. Insufficient workforce training on security best practices is another common challenge.
Suggestions for Tackling Compliance Challenges
Kim is of the opinion that there is no magic formula for tackling compliance challenges without putting in effort. The best way to address compliance challenges is to have a framework with which to build policies and procedures. Structuring policies and procedures, handling problems in compliance, and having a concrete procedure to organize policies, human capital, etc., are significant, irrespective of the approach taken. Without such a framework, healthcare entities cannot successfully overcome compliance challenges.
It is this built-in compliance framework that Aegify Security Posture Management and Aegify SecureGRC offer. With compliance best practices integrated into this framework, these platforms can dramatically simplify the compliance process and help overcome all challenges in achieving and maintaining compliance with the HIPAA Omnibus rule.