Courtesy of HealthIT Security | by Patrick Ouellette | Date July 30, 2013

HealthITSecurity recently spoke with CynergisTek CEO Mac McMillan about some of the trends seen in breach responses in the healthcare industry, asking, “How exactly are these organizations fixing their security gaps?” McMillan explains that entities that have been fined tend to be more willing to change their security program staffing. As an example, he notes that security officers are often shuffled to the compliance department or some group in the organization that is more objective, and many organizations will replace previous privacy officers who were also the HIM director by bringing in new compliance and privacy officers. McMillan provides seven other examples of trends seen in reaction to a breach:

  1. “Patient data safeguard trends” – there is currently movement with new technologies and policies with regard to the HIPAA Security Rule safeguards
  2. “More encryption” – many organizations are encrypting data as they learn that it is necessary during a breach investigation
  3. “Beefing up business associate agreements” – covered entities are now adding more language to their business associate agreements (BAAs) to keep their BAs accountable and responsible for breaching sensitive data
  4. “Cyber insurance gaining popularity” – organizations are searching to find a way to protect themselves from breaches caused by circumstances they can’t always avoid, such as an employee’s human error
  5. “Risk assessments” – organizations are being more proactive by conducting an internal risk assessment, and many are turning to an independent third party
  6. “Privacy monitoring” – organizations are realizing employees with access are causing breaches and now are being more proactive when it comes to privacy monitoring
  7. “Managed Services” – many are challenged to internally manage “firewalls, IDS and log management” and many are turning to third parties for around-the-clock help with managed services
