In 2013, 45% of data breaches were in the healthcare industry. Because of this, compliance and regulations in healthcare are expected to intensify throughout this calendar year. This will not bode well for what healthcare privacy, information security, and compliance officers were wishing for this year.
In a recent survey performed by ID Experts, we were given some insight into what security and compliance officers had on their wish lists for 2014, as well as some predictions for the year to come. The wish list sounds more like a needs list. The list is as follows:
- A larger budget.
- More staff.
- More in-depth and frequent training.
- Increased help with audits.
- Software to better monitor the use of internet and viewed records.
A study done by the Ponemon Institute shows that a majority of healthcare organizations do not have the proper resources, budget, or policies in place to effectively minimize their risk of a data breach.
We are looking at a situation where healthcare security, privacy, and compliance officers are trying to keep up with perpetually changing regulations and compliance requirements on a shoestring budget and with minimal staff resources. The items on the wish list are not likely to happen. As we have mentioned before, healthcare information security is notorious for running on a slim budget, and there are no immediate signs that budgets will be increased. This will provide even more challenges in 2014.
This year will be even tougher on healthcare information security if ID Experts' predictions are correct. They are predicting:
- Demand for increased reporting, and government (state and federal) enforcement of privacy and security rules.
- More work, higher expectations, and no new staff.
- More intense audit processes.
- Change is in its infancy, 2015 will look totally different.
- More regulations, though not new ones. The old ones will be revised to the point that they will be incredibly difficult to follow. We will see many CEOs and board members resigning because of the new accountability, and compliance officers will be left to fend for themselves.
I think the last prediction is the most worrying. All of the decision making and consequences will likely rest on the shoulders of compliance officers. As if there wasn’t enough for them to worry about, now they face the brunt of the blame if there is any data exposure.
A good way to help manage compliance and spread out responsibility in certain sectors is to use properly insured and compliant vendors. These vendors can mitigate your risk of a data breach, provide you with an all-around compliant service, and provide full indemnification if there is an instance of data exposure. As an example, TechR2 has an ISO 27001 certified solution that includes data containment, auditing, and onsite destruction, which meets all necessary compliance standards such as HIPAA, SOX, Gramm-Leach-Bliley, etc. To back that up, we also have a comprehensive insurance policy that not only covers us in the event of a breach, but also provides indemnification to our clients.