Topics
Reimbursement
Senators urge action on physician payment cut before end of lame duck session
Senators urge action on physician payment cut
Revenue Cycle Management
Trends 2025: The demand for interim revenue cycle executives
Trends 2025: The demand for interim revenue cycle executives
Strategic Planning
Advocate spending $1 billion on new hospital and outpatient services
Advocate spending $1B on new hospital and outpatient services
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Healthcare expenditures rise on increased coverage and utilization
Healthcare expenditures rise on increased coverage and utilization
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
American Heart Association launching HCM initiative
American Heart Association launching HCM initiative
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Male physicians have more net worth than female counterparts
Male physicians have more net worth than females
Operations
Children's Mercy Kansas City names Dr. Alejandro Quiroga as president and CEO 
Children's Mercy Kansas City names Dr. Alejandro Quiroga as president and CEO 
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Children's Medical expands with new patient tower
Children's Medical expands with new patient tower
Compliance & Legal
Nebraska sues Change Healthcare over ransomware attack
Nebraska sues Change over ransomware attack
Policy and Legislation
Telehealth gets short extension, physician pay is cut in spending bill
Telehealth gets short extension, physician pay is cut in spending bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
HIMSSCast: Research as restorative physician medicine
HIMSSCast: Research as restorative physician medicine
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
CMS ending VBID model due to high costs
CMS ending VBID model due to high costs
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
Senate bill proposes to rein in PBMs by forcing them to sell pharmacy businesses
Senate bill proposes to rein in PBMs
Population Health
Weight loss drugs can save patients and healthcare dollars
Weight loss drugs can save patients and healthcare dollars
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Trends 2025: Telehealth's future faces a Friday deadline
Trends 2025: Telehealth's future faces a Friday deadline
Mergers & Acquisitions
Addus Homecare buttons up $350 million Gentiva acquisition
Addus Homecare buttons up $350M Gentiva acquisition
View more
Sep 12, 2017 More on Risk Management

3 security investments hospitals should make right now

These are the steps infosec pros should be taking today.

Tom Sullivan, Editor-in-Chief, Healthcare IT News

Health and Human Services chief information security officer Christopher Wlasich speaking at the HIMSS Security Forum in Boston on Tuesday.

BOSTON -- Health and Human Services chief information security officer Christopher Wlasich said there are three steps that hospitals should be taking today to bolster their security posture: join forces, treat your patching report like your profit-and-loss report and, at the very least, consider multifactor authentication.

"If you have the ability, then jump into the NH-ISAC," Wlasich said here at the Healthcare Security Forum on Tuesday. "They can help. It's not just compliance, it's also about preparedness and resilience."

Several speakers including former Homeland Security Secretary Tom Ridge and President Obama's cyberescurity coordinator Michael Daniel also recommended that infosec professionals participate in the NH-ISAC, which stands for the National Healthcare Information Sharing and Analysis Center.

UMC Health System information security officer Phil Alexander added that it's not just the ISAC. Other options include the NIST and HITRUST frameworks, FBI and other listservs, Infragard.

Wlasich's second suggestion is to treat your patching report like a P&L -- because it's really that important to a hospital's bottom line.

Whereas common key performance indicators healthcare CEOs consider are bed count, revenue, and compensation from CMS, to name just three, Wlasich said the patching report should be among those KPIs.

If you cannot do either of those then at a bare minimum, Wlasich advised deploying multi-factor authentication.

It's no secret that many hospitals still struggle with budget constraints that inhibit them for joining an ISAC or even implementing multi-factor authentication technologies.

HIMSS Analytics Senior Director of Research Services Bryan Fiekers said that according to its latest Healthcare IT and Risk Management Study, participating hospitals allocate 6 percent or less of their IT budget to infosec. And that's despite the fact that more half of IT shops own risk management within hospitals.

Fiekers said that HIMSS Analytics found the primary drivers of security investments to be risk assessments and HIPAA audits by HHS Office for Civil Rights.

"Those two are the cornerstones for IT security investments and that's true across all the categories of people we interviewed, the business, clinical and IT," Fiekers added. "Everyone's in compliance on compliance." 

HIPAA compliance is, of course, a mandatory baseline for securing patients and their data. Wlasich's three tactics to employ right now build on that.

"Only together will we make the healthcare sector more resilient," Wlasich said.  "The tide raises all boats. Together we'll address the problem, take care of the people who don't have the resources, make ourselves less susceptible to attack and more able to provide the patient care we are capable of giving."  

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Read our coverage of HIMSS Healthcare Security Forum in Boston.

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.