The healthcare industry must stay vigilant to security threats and work together to learn how to improve security preparedness, according to Charles Christian, chairman of the College of Healthcare Information Management Executives.
The industry needs to work on improving information-sharing without risk of liability, needs to secure medical devices and must understand cyber insurance in the healthcare context, he says in an interview with HealthcareInfoSecurity.com.
He says smaller hospitals are gaining in security awareness, but they always struggle with how much money to spend on security when they have limited resources.
"With security, we know we need to spend some money on it to make sure nothing happens. … But with smaller organizations, it's not that they're unaware, it's just that they have many other things to distract them from what they need to be doing on a daily basis. But I believe they're getting up to speed," he said.
He said he's not sure whether more HIPAA enforcement by the federal government would be the answer, but does add that more hospital boards need to be involved.
Last week, the Department of Health and Human Services' Office for Civil Rights on Monday launched an online platform that enables health technology developers to pose questions and concerns about HIPAA privacy protection.
In addition, healthcare organizations will never reach a point where they have all the security they need in place because the threats change constantly. That's why cybersecurity plans must evolve, John Houston, vice president for privacy and information security at the University of Pittsburgh Medical Center, says in an article at Hospital and Health Networks (HHN).
To learn more:
- listen to the interview