Background

Since August of 2009, 552 large-scale breaches of PHI have been reported to HHS, impacting nearly 22 million people. OCR recently reported (somewhat to their surprise) that over two-thirds of the findings from their initial 115 HIPAA privacy and security audits were related to security issues, rather than privacy protection or breach notification.

Redspin believes that IT security is a foundational element to the success of the electronic health record program and, as such, a critical factor in the transformation of the U.S. healthcare industry. Yet, given the track record over the past three years, both government and industry efforts to safeguard PHI have clearly not been sufficient. As Susan McAndrew of OCR concluded, "There's a lot of work that needs to be done."

But past is often prologue. OCR itself has had to freeze its ongoing audit program until at least the next fiscal year. An issue as important as safeguarding PHI requires comprehensive and sustained efforts - akin to a military defense. Rather than simply being reactive to government regulations and HIPAA compliance enforcement initiatives, healthcare organizations should take a commanding role here. IT security is mission-critical; marshal the resources necessary to strengthen your security readiness.

In this webinar, we will openly discuss why HIPAA security regulations have not led to meaningful security improvements. Has too much focus has been put on checkbox compliance, breach news headlines and civil monetary penalties? Have eligible hospitals and other providers been moving too fast along the meaningful use path and not allocating sufficient time and resources to protect their IT infrastructure and safeguard PHI? We can't change the past. But we can offer a clarion call for the future by specifically outlining how healthcare organizations can develop and implement more effective security strategies.