What Do Board Members of Smaller Healthcare Organizations Need to Know About Healthcare Information Security?

Posted Jan 7, 2021


There are four key items that board members need to address as part of any program: the Annual Security Risk Assessment, the Risk Management Plan, Third-Party Risk, and Ongoing Metrics. Used effectively, these measures give board members who may not have cybersecurity or IT experience the tools they need to fulfill their mission of providing oversight and ensuring initiatives complete the vision.

Every organization needs an Annual Security Risk Assessment. This is mandatory for healthcare providers. CMS strongly recommends that organizations update them at least once a year and/or when major changes to practices or electronic systems occur. This does not have to be done by someone special. One of my recommendations is that organizations complete these themselves to get a better understanding of the environment. Also, in our experience, team members are reticent to discuss concerns with consultants.
