Healthcare IT: Is your Information at Risk?
This work highlights a critical security issue for healthcare organizations and patients, but it is incremental as it reiterates known risks without introducing new solutions.
The paper addresses the problem of inadequate Information Assurance (IA) programs in healthcare IT, which fail to prevent security breaches of sensitive patient data, and emphasizes the need for effective risk management to ensure compliance and protection.
Healthcare Information Technology (IT) has made great advances over the past few years and while these advances have enable healthcare professionals to provide higher quality healthcare to a larger number of individuals it also provides the criminal element more opportunities to access sensitive information, such as patient protected health information (PHI) and Personal identification Information (PII). Having an Information Assurance (IA) programallows for the protection of information and information systems and ensures the organization is in compliance with all requires regulations, laws and directive is essential. While most organizations have such a policy in place, often it is inadequate to ensure the proper protection to prevent security breaches. The increase of data breaches in the last few years demonstrates the importance of an effective IA program. To ensure an effective IA policy, the policy must manage the operational risk, including identifying risks, assessment and mitigation of identified risks and ongoing monitoring to ensure compliance