Many of the actions identified in the GAO report relate to critical actions needed within healthcare organizations that fall under the purview of information governance.
Although this report was focused on federal agencies and critical infrastructures, there are lessons that can be directly applied in healthcare as we continue to advance information governance practices to strengthen privacy and security practices in our organizations.
Anthem has recently agreed to pay $16 million to OCR for a breach that affected almost 79 million people—merely the beginning of the costs associated with recovering from a breach of this magnitude. The hackers are winning the game; current information and security approaches just aren’t cutting it, and healthcare organizations are no doubt at risk.
Data classification is a fundamental component of any information security (IS) program and should be considered a top priority for any organization that processes or uses sensitive data it is required to safeguard to meet compliance and contractual requirements.
There are several other approaches that organizations may take to achieve success and a program that actually “sticks.” One of the critical steps is effective communication and training on IG for the entire workforce.
A steward is a person appointed to supervise or keep order. Data stewardship helps promote a robust and sound data governance program that will facilitate good information governance practices.