– Security frameworks are used in healthcare to provide the bare minimum needs for a security program. But a recent CynergisTek report showed just 47 percent conform to NIST and only 72 percent of providers conform with HIPAA.
The numbers are concerning given the onslaught of attacks, lack of security resources, and legacy systems. While frameworks are not meant to be a golden standard, healthcare providers can pull from each guidance to create a tailored program for the needs of their organization.
The Factor Analysis of Information (FAIR) standard is meant to be paired with these frameworks to drive best practices around managing, measuring, and reporting risk. The recent FAIRCON19 centered around communication and driving culture change throughout an organization to reduce risk.
HITRUST board member and Highmark Health CISO Omar Khawaja sat down with HealthITSecurity.com to dive into the nonprofit’s work and show how the standard can be applied within healthcare organizations to make actionable change.
