Well, it looks like the stick of bad PR, regulatory enforcement and legal action has more clout than the business case carrot for most healthcare companies when it comes to their relatively tepid investments in e-security, says a new survey by the Global State of Information Security. Spending to protect electronic health records (EHRs) and other sensitive e-data is reactionary, UPI says, diplomatically, in its recent coverage. Amazingly, the study found that some 30 percent of pharmaceutical companies still don't classify data and information assets according to risk levels. Less than half--46 percent--have an overall security strategy. Is it just me or does this scare anyone else?
For more on e-data security:
- check out UPI's coverage here
For more on the survey (released by PricewaterhouseCoopers, and CIO and CSO magazines):
- check out CIO's article here
Also: check out this interesting report from enterprise content management association AIIM which blames, in part, people like me (the media) for an "over-emphasis" on Sarbanes-Oxley and HIPAA. The report says that end users now have a "disturbingly narrow view" of compliance as a broader issue and what it means for their organizations. -Michael