Michael Rasmussen, Corporate Integrity; Chris Merritt, Lumension
Safeguarding electronic protected health information (ePHI) has proved quite challenging for many healthcare organizations. In fact, 80 percent of responding healthcare organizations had experienced at least one incident of lost or stolen electronic health information in the past year*.
Regulators have clamped down, enforcing HIPAA Security Rule requirements with more regularity and instituting heavy financial penalties and additional audit requirements on non-compliant organizations. Add in HITECH, PCI DSS and many state data protection/breach notification laws and the data protection compliance burden for healthcare organizations is greater than ever before.
Yet many organizations continue to address each security regulation as one-off projects and rely on compliance by spreadsheet, which is a surefire way to extend the cost, time, errors, and resources needed to complete audits – up to a 50 percent higher spend on compliance than necessary**. Not only is such an approach more costly, but it does not provide the necessary visibility into an organization’s IT risk so that ePHI can be effectively safeguarded against future threats.
This webcast will examine six keys to cost-effectively ensuring IT security and compliance in the healthcare space.
* Ponemon Institute, Electronic Health Information at Risk: A Study of IT Practitioners, 2009
** IT Policy Compliance Group, Managing Spend on Information Security and Audit for Better Results, February 2009