As we begin FY2017, most healthcare organizations will be meeting with their Board of Directors in Q1. While many topics will be discussed, there is no doubt that cybersecurity is at the center of what’s trending. Boards are under pressure from shareholders, patients, regulators and other external factors regarding their role in cybersecurity awareness. “Are we comfortable with the current state of security breach and compliance requirements?” “Do we need to be doing more?” These are all questions at the forefront of the board’s mind, followed closely by:
- Is the PHI secured?
- Is it protected?
- How is cyber security effectiveness measured?
When a board asks a healthcare organization’s executive team about its cybersecurity and preparedness, it raises the question, “Is there a Desire from the board to be prepared and compliant, or is there a Commitment?”
The dictionary defines Desire as “to wish for”. Many adults Desire a beautiful new home, the newest imported car or a luxury vacation. The question is, do we accomplish what we must to acquire what we Desire? Do corporations take these risks in the interest of their organizations?
The dictionary defines Commitment as “To pledge to a position, the state or instance of being obligated”. Being committed, for many C-level executives, will mean stepping out of their comfort zone with regard to cybersecurity assessments, self-audits, self-assessments and performance training, just to name a few. Is the Board committed enough to manage cybersecurity threats?
To be vigilant against cybersecurity threats, executive teams must be prepared to allocate resources such as money, time and employees. They need to be ready to ask the right questions of the employees who have access to the PHI, have the right procedures and policies in place, review the results of those policies and procedures every 3-6 months, and so on.
C-level executives with a strong Desire to be fully compliant will want to look adept in front of the BOD, but will not execute tasks that are strenuous or out of their comfort zone. With all the new rules for revenue cycle, CMS payment regulation (MACRA) and changes under the ACA, these are factors that a C-level executive without a strong Commitment is simply unable to conquer.
As our former President Lincoln said, “I will prepare and someday my chance will come.”
At MindLeaf (www.mindleaf.com) we have been conducting “Healthcare Breach Security Assessments” for healthcare and life sciences organizations. The Breach Security Assessment is complimentary, and it analyzes your current security breach posture and level of maturity.