Global health reform includes reducing the cost of health to patients. As part of this, healthcare organizations need to reduce costs, including IT cost reduction. Healthcare organizations must make a tradeoff and achieve a balance between how much budget to allocate to primary costs associated with delivering great patient care vs secondary costs such as information privacy and security.
A key question is: when is healthcare information privacy and security good enough?
Some healthcare organizations use regulatory compliance as a minimalist approach to answering this question, where only the bare minimum information privacy and security is done to achieve compliance with regulations such as HIPAA Privacy and Security Rules, HITECH Act Meaningful Use, or other similar regulations globally.
Increasingly, healthcare organizations are realizing the value of risk assessments as much more than a regulatory or standards compliance checkbox, but a practical tool and best practice for answering the question of when privacy and security is good enough. Risk assessments bring a measured approach to privacy and security where risks are mitigated through application of safeguards until residual risks are below a baseline of acceptable risk set by the healthcare organization. This avoids information privacy and security becoming a budgetary black hole, while also giving an objective and consistent approach across people and time to managing risks and maximizing the value of the limited budget available by guiding its allocation to highest priority risks.
A new white paper, Improving Healthcare Risk Assessments to Maximize Security Budgets, discusses practical strategies to maximize the value of risk assessments in terms of both guiding the allocation of limited budget to reduce the most business risk, as well as avoiding budgetary black holes. Also, watch the video below for more insight into how this paper can help you with your healthcare risk assessments.