Audit: HHS Info Security Program ‘Not Effective’
What Can Healthcare Entities Learn from the HHS OIG Report?
Healthcare organizations can learn lessons from the HHS watchdog report, including that cybersecurity efforts should never really be considered finished and that compliance with regulatory requirements and benchmarks can be a moving target, says Susan Lucci, senior privacy and security consultant at tw-Security.
“In healthcare, simply establishing a compliance program to meet regulatory requirements is a misguided end goal,” Lucci says.
“This audit is a wake-up call that covered entities and business associates should be seeking a higher level of maturity” in every security domain, she adds.
“Breaches continue to happen despite having a good program in place. If organizations aren’t continually evaluating the current program’s efficacy and making modifications to policies, processes and training, then complacency can set in and incidents will continue to occur.”