More than half (56%) of the respondents to Ponemon Institute’s Fifth Annual Data Breach Preparedness Study reported experiencing an organizationwide breach. Of these respondents, 51% reported that their organization’s data response plan is not very effective.
Core security and privacy training content often falls short of good practice. Sometimes, the information security officer and privacy officer do not have the resources to create robust content. Furthermore, organizations often limit training time to avoid any impact on productivity. However, providing incomplete information is short-sighted. An inadequately trained workforce is more likely to directly or indirectly cause regulatory violations and breaches.
Completing a risk analysis can be a tall order for most organizations. A significant amount of work is required before the risk analysis can even be started—and more work must be done afterward to address the vulnerabilities identified by the risk analysis.
Healthcare organizations are facing challenging times. Shifting reimbursement models and the uncertainty surrounding federal programs may cause organizations to tighten their spending. Every department—from clinical to security—can feel the pinch as leadership prepares to weather the bumpy road ahead.
Q: Does a hospital need to obtain the patient's written consent before obtaining physician office notes? Can I contact the physician office and request the needed information without obtaining a written consent from the patient? The office notes are needed for payment purposes.
