HIPAA breach fines: It’s time to rethink this mess
There has to be a more sustainable way to get hospitals to put information security controls in place than taking millions out of operating budgets.
When the Department of Health and Human Services Office for Civil Rights slaps hospitals with a hefty fine for a data breach, from where does that money ultimately come?
Tom Walsh, founder and managing partner of tw-Security, contends that since IT is widely viewed as a cost center, and information security, in turn, is overhead to IT, it’s among the first things executives cut from the budget. “Fining an organization is like me tying one of your hands behind your back and saying ‘now get out there and fight the good fight,’” Walsh said. “Don’t tie their hands behind their back.” ……