At this point in 2012, many of us are aware of the growing and proliferating sources of data security risk, including big data initiatives involving the implementation of accountable care organizations and health information exchanges, increased use of mobile devices (BYOD), and HIPAA security audits that have already affected several organizations with fines sometimes in excess of $1.5 million.
The surprising fact remains that 69 percent of hospitals don't have the proper policies and controls to respond to data breaches, and only 29 percent of hospitals report that protection of PHI is a high priority in their organization. If security solutions implemented by healthcare organizations are cumbersome and impede the ability of the healthcare worker to deliver patient care, then they may be compelled to use alternative tools that could drive non-compliance issues and additional risk.
To reverse these trends, and to balance priorities between security controls and meeting compliance measures, organizations shouldn't just "check the box" - compliance is the starting point, but should be done toward the end of building a security program. Compliance gives guidance on what measures you should have in place, but should also be used as roadmap for where you're going. Your risk posture is a direct result of not only meeting compliance measures, but also a product of having a process and threat monitoring in place. Having a streamlined program in place that includes full disk encryption, identity and access management, hardware-assisted controls, and mobile application security can also bolster your security posture to stop threats before they arise.
Dell SecureWorks and Intel have teamed up to address these risks in a new webcast that tackles the problem of how to balance the right mix of hardware-assisted security with security services and data risk management. In the webinar, available here, healthcare experts from Dell SecureWorks and Intel discuss how to harmonize security and compliance to your patient care vision, while relieving the time-consuming duties such as monitoring and managing logs, firewalls, and new threats.