April 12, 2021
The Cybersecurity Dilemma in Healthcare
Every healthcare organization works diligently to protect the information of patients, members, employees, customers and caregivers. The amount of information collected and stored in the healthcare world is staggering and requires careful attention.
However, many business leaders in healthcare organizations are confused and frustrated by the security friction, the myriad of cybertools, the overhead and increased complexity added to business processes, and the costs of these cybersecurity programs.
Common questions being asked by healthcare business leaders are:
- What is an appropriate cyberspend?
- Are we legally and regulatorily compliant?
- What cybertools and services are actually necessary?
- And what level of risk tolerance will enable business growth, transformation, and success, while protecting data and the business infrastructure?
Add to those questions the regulatory issues, including:
- The HIPAA privacy and security rules
- FDA guidance on medical devices
- The Model Audit accounting rule for health insurance
- Joint Commission on Accreditation of Healthcare Organizations (JCAHO) privacy and security compliance
- Centers for Medicare & Medicaid Services (CMS) auditing
- Financial controls based on Sarbanes-Oxley
- Payment Card Industry compliance and attestation
- Protecting personally identifiable information based on state laws
Many executives do not understand cyberthreats and feel a need to be more engaged with cybersecurity. Still, without proper collaboration between business leadership and the security team, some leaders feel that security is dictating unreasonable and unnecessary technical controls that cripple business innovation, growth, and the ability to embrace consumer-first business models, all while grappling with budget cuts.
How can healthcare organizations find a balance between adopting transformation and modernization, maintaining the highest security and lowering costs? Watch this HealthIMPACT panel talk as security expert Karl West and other IT leaders discuss how to balance transformation, growth and security risk in healthcare.