Welcome Susan Lucci, RHIA, CHPS, CHDS, AHDI-F, Senior Privacy/Security Consultant
Securing qualified, experienced, security expertise with the rising demand for cybersecurity professionals is a challenge for a healthcare organization. According to Burning Glass, a Boston - based job market analytics provider, a report "Job Market Intelligence: Cybersecurity Jobs, 2015", states that in the last five years, information security positions requiring healthcare compliance and standards knowledge have increased by 248% and risk management by 209%. According to Forbes, there were one million cybersecurity job openings in 2016.
The 2017 Global Information Security Workforce Study (GISWS) states that a serious talent shortage looms in the information security (IS) workforce. A projected 1.8 million IS workforce gap is estimated to exist by 2022. This is an increase of 20 percent from the 1.5 million worker shortfall forecast by the 2015 GISWS. Positions requiring healthcare information security compliance and standards knowledge have increased significantly.
Because cybersecurity jobs require years of training and relevant experience, skills gaps cannot easily be resolved through short-term solutions. And there is a high demand for healthcare data security and cybersecurity talent that holds Certified Information Systems Security Professional (CISSP) credentials. In the U.S. there are three or more job postings for every professional who holds a CISSP certification.
Information security and privacy make good business sense. According to a recent study by Accenture, supported by a Ponemon Institute survey, healthcare organizations could potentially lose $305 billion in patient revenue over the next five years due to the impact of cybersecurity attacks, and the loss of consumer confidence.
Add to the mix a healthy dose of anxiety. Proof that your business associates meet all 24 HIPAA Security Rule standards, the 48 required implementation specifications, vulnerabilities of medical device cybersecurity and biomed equipment, BYOD, the Internet of Things (IoT), digital payment transactions, data at rest, and considerations of PHI in real time transit, are all serious concerns.
tw-Security offers health information technology services provided by qualified, experienced, certified healthcare information security professionals to develop, monitor, and maintain your HIPAA and IT security program. We provide a straightforward, practical, efficient, and reasonable approach to data security protecting your information assets and information systems. Our risk management, information systems, and Cybersecurity services are grounded in the guiding principles that information security is the cornerstone of maintaining the public trust, is primarily a business issue, not just a technology issue, is risk-based and cost-effective, and aligned with your priorities, industry-prudent practices, and government requirements.
Customized to accommodate diverse organizations, from a large academic medical center to a start-up business associate, the flexible offering includes a Virtual Information Security Officer (VISO), and disciplined continual or recurring support - aimed at maintaining or advancing the security program. This service provides ongoing documented efforts supporting your 'Book of Evidence.'
We quickly assess your current capabilities and resources, and assist in the development of a reasonable IT budget to meet required compliance activities, and plan for ongoing management activities and projects. We monitor those services that are required to maintain compliance and identify the 'nice to' projects. If desired, we provide hands-on support working behind the scenes on remediation tasks as an extension of your workforce.
We also offer On Demand support intended to address one-time support issues or help as needed inclusive of emergency virtual security support with certified security professionals.
In order to maintain a compliant information security program, there are some basic, ongoing activities that must be performed. Serving as a consultant, we follow your direction to improve and maintain your information security program. The purpose of tw-Security’s VISO – Information security program support services is to provide: