Article | November 28, 2016

Compliance Isn't Enough: Improving Governance, Risk Management, Compliance

Source: Caradigm

By Jaimin Patel, Vice President, IAM Program Management, Caradigm

Change is the new normal in healthcare, and it can come in many forms. Mergers and acquisitions, the formation of accountable care organizations and clinically integrated networks, the arrival of new groups of physicians at a teaching hospital, or even the replacement of an EMR are just a few examples. From an IT perspective, the result is a constant stream of new clinicians who need access as quickly as possible, because delays in access affect patient care. IT and security professionals also understand that access has to be granted and managed in a manner compliant with the HIPAA Security Rule. However, with the increase in motivated and persistent security threats, healthcare as an industry has to move beyond the notion that our goal is only HIPAA compliance.

I recently heard Mac McMillan, CEO of CynergisTek, talk about this at the Caradigm Customer Summit, where he stressed that compliance with HIPAA does not equal security. McMillan explained that HIPAA was designed to protect the privacy and security of certain health information. It was not intended to cover all forms of information or to be a complete standard for data protection.