Small Health Care Providers’ Responsibility to Sustain an Information Security Program: Who’s in Charge?

Health Care

October 23, 2015
by Rick Ensenbach, CISSP, CISA, CISM, ISSMP, CCSFP


IT security is a hefty undertaking for large health care organizations and an even bigger challenge for smaller health care providers. But what about building a strong, comprehensive organizational information security/risk management program to keep information private, readily available to those who need it, and safe from tampering? That’s an even greater feat, one that comes with even broader responsibilities that directly impact the business.

Too many health care organizations hold a narrow view of information security. Perspectives range from just physical/facilities security (“guns and guards”) to purely technology (it’s IT’s responsibility). Yet the responsibility isn’t about alarming doors, managing firewalls, or resetting passwords. It’s much more comprehensive. And it isn’t about handing off the duties to an IT person as another responsibility. It’s much more holistic.


Length: 2 pages (PDF 92 kB)
