Nov 2, 2021

Why Healthcare Entities Fall Short Managing Security Risk

Breach Notification, Critical Infrastructure Security, Cybercrime
Why do so many HIPAA-covered entities and their vendors do such a poor job managing security risk and safeguarding patients’ protected health information? Many critical factors come into play, say Roger Severino, former and longest-serving director of the Department of Health and Human Services’ Office for Civil Rights, and Bob Chaput, founder and executive chairman of the board of privacy and security consultancy Clearwater.
“The biggest problem was the human one, and it really came down to bureaucratic inertia. So many covered entities just didn’t prioritize health information privacy as part of their culture,” says Severino about the time he spent leading the enforcement of the HIPAA security, privacy and breach notification rules as director of OCR during all four years of the Trump administration.
“It starts from the top down to the bottom. If you don’t have it as part of the ethos, if you don’t see it as helping serve your patients and your clients, then you’re not going to take it as seriously as you should,” he says in an interview with Information Security Media Group.
During his tenure at HHS OCR, Severino says, “we saw so many big breaches and violations that could have been prevented.”
When it comes to security risk analysis and risk management, many of the struggles covered entities and their business associates have are “head shakers,” says Chaput in the same ISMG interview.
“Strategically, the understanding of one’s unique risk is undervalued and underappreciated,” he says. “It’s a bit of a ‘shoot, ready, aim’ phenomenon … and that usually happens when organizations adopt a security controls checklist approach rather than a risk-based approach.”
In the interview, Severino and Chaput also discuss:
Severino, an attorney, is a senior fellow at the Ethics and Public Policy Center. Before joining EPPC, he was the director of HHS OCR from 2017 to 2021.
Chaput is the founder and executive chairman of the board of Clearwater, a healthcare compliance and cybersecurity risk management consulting service.