Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:Definitions of privacy, confidentiality, and security
Slide content:Health Care Organizations Are Not Well Prepared for Security Security budgets are not keeping pace with complex IT environments and the growing risk of attacks (HIMSS, 2015) Growing sophistication of attacks and number of threats make it hard to keep up There is a need for innovative, advanced security tools and in-depth approaches to address threats and vulnerabilities (HIMSS, 2015) There is not enough highly skilled, security expertise ( Ponemon Institute, 2015) Paper security breaches remain an issue ( Ponemon Institute, 2015) Data leakage is a primary threat Identity and access management is a top priority Chief information security officers (CISO) are not in all organizations 14
Slide notes:There are many challenges facing health care organizations in preparing and maintaining proper security measures. These are just a few: Security budgets are not keeping pace with the complex technology environments and the growing risk of attacks; this limits the ability of health care organizations to address proper security measures. The significant increase in threats and the growing sophistication level of attacks have created a situation in which providers cannot keep up an adequate offensive front. Theres a need for more innovative, advanced security tools and in-depth approaches to keep pace with security threats and vulnerabilities. Theres not enough qualified and skilled security expertise. Slightly more than half (fifty-three percent) of organizations have personnel with the necessary technical expertise to be able to identify and resolve data breaches involving the unauthorized access, loss, or theft of patient data. Paper remains an issue. Fifty-four percent of respondents indicate security incidents occurred involving paper documents with most involving less than one hundred PHI records. Data leakage is a primary threat with identity, and access management is a top priority. Not all organizations have nor can afford a full-time chief information security officer (CISO). This role is primarily found in larger organizations, while smaller organizations may include these job duties with another position. 14