The healthcare industry is under pressure from two directions. One source of pressure is hackers who attempt to breach entities using known information security weaknesses. The second source of pressure is HHS regulatory requirements. HHS is issuing strict mandates for health care entities to follow in order to secure protected health information (PHI) and fining them in cases of non-compliance. As a result of these pressures, the industry is undergoing an extreme makeover, but while this change is in progress, many entities have suffered and continue to experience breaches from internal and external threats. These breaches also lead to major fines per infraction. While entities are preoccupied with HIPAA/HITECH compliance, HHS has failed to remind entities that they typically carry a “Dual Compliance” burden: in addition to HIPAA, the entities must also comply with PCI DSS. PCI DSS regulates the protection of credit card information and the credit card holder. If an entity protects its health care data adequately but fails to protect its credit card data in the manner dictated by the PCI Council, it will suffer fines per infraction. Risks can originate from a variety of sources (technology, people, process, physical, intellectual property). The Risk Assessment is an assessment of the entire organization, not a specific department, building or subsidiary. By assessing the organization as a whole, the security posture can be constructed to support the achievement of organizational business objectives while minimizing risk exposure to organizational assets.
Regulatory matters are quite complex. However, not knowing which regulatory standards one must comply with is considered willful neglect. Partner with The Knox Corps to remediate risks to your firm and improve business credibility and profitability by adequately securing your global assets.