By Bob Chaput, MA, CISSP, HCISPP, CRISC, CIPP/US, CEO and Founder of Clearwater Compliance LLC
Information security and cyber risk management have become essential components of ensuring patient safety. At the same time, the threat environment for healthcare organizations has changed and expanded significantly. The net effect is that traditional approaches to patient safety and information security may no longer be aligned with the current threat environment, which can leave gaps in how patients and medical data are protected.
In response, healthcare organizations are implementing not only new methods to protect patients and systems, but new models for their patient safety, information security, and risk management efforts. One effective model is an organizational structure that combines patient safety, information security, and risk management authority under a single line of responsibility. Coupled with adoption of the NIST information risk management (IRM) approach, organizations can develop the comprehensive outlook that the fast-evolving threat environment requires and prevent gaps from emerging between efforts to protect patient safety and efforts to protect information. The NIST IRM approach provides a standardized framework, process, and maturity model that is well suited and readily adaptable to healthcare organizations.
Hospital leaders should seriously consider institutionalizing collaboration by making one organization responsible for managing patient safety, information security, and risk management. Today, most hospitals assign separate leadership to each of these functions. Combining the three responsibilities helps an organization develop a broader perspective on all threats to the quality delivery of patient care. Structural change alone is not enough, however; a more formal approach must also be adopted. The strategies, processes, and safeguards that result will provide comprehensive protection that goes beyond meeting specific guidelines or compliance requirements.
Organizations can realize six essential benefits from implementing the NIST IRM approach: market differentiation, continuous process improvement toward a mature IRM program, legal and regulatory compliance, better cloud security management, proactive cybersecurity management, and program defensibility.
To learn more about these benefits and read the complete article on which this blog post is based, see Bob Chaput's article, "Building Capability and Capacity to Take on Healthcare's Evolving Security Threats," featured in the August issue of Compliance Today magazine.
The Threat is Real: A Recommended Approach to Cybersecurity and Patient Safety