Confidentiality, Privacy and Security

HIMSS 2020 Cybersecurity Survey Reveals Progress on SRAs but More Complete Reviews Still Needed

  • 1.  HIMSS 2020 Cybersecurity Survey Reveals Progress on SRAs but More Complete Reviews Still Needed

    Posted 10 days ago
    Always enjoy reading the HIMSS Healthcare Cybersecurity Survey ... it is still showing improvement from prior years, but significant progress on end-to-end SRAs still needed.  Thought others on here would find interest in the numbers and full report:
    https://www.himss.org/sites/hde/files/media/file/2020/11/16/2020_himss_cybersecurity_survey_final.pdf

    From report:
    "Only f
    ifty percent (N=84) of respondents report that their organizations are conducting end-to-end (i.e., comprehensive) security risk assessments. This number has grown over the past few years. Previously, the numbers were thirty-seven percent of respondents according to the 2019 HIMSS Cybersecurity Survey and twenty-six percent of respondents according to the 2018 HIMSS Cybersecurity Survey.

    While
    some progress is good, this is still an alarming trend. Simply put, respondents that are not doing end-to-end security risk assessments have a haphazard approach. Additionally, accurate and thorough security risk assessments are required by HIPAA. Robust cybersecurity however, goes above and beyond what HIPAA requires. Compliance often achieves the bare minimum. A healthcare organization that complies with HIPAA is not necessarily protected from being breached or infiltrated. Robust cybersecurity is vitally important for the safety and well-being of patients and the normal operations of healthcare organizations."

    ------------------------------
    A. Andrews Dean, CPHIMS, CHPS, CHDA, CPPM, CPC
    Health IT Regulatory Affairs & Healthcare Compliance Consultant
    ------------------------------