What Do Board Members of Smaller Healthcare Organizations Need to Know About Healthcare Information Security?
There are four key items that board members need to address as part of any information security program: the Annual Security Risk Assessment, the Risk Management Plan, Third-Party Risk, and Ongoing Metrics. Used effectively, these four measures give board members who may not have cybersecurity or IT experience the tools they need to fulfill their oversight role and to ensure that security initiatives deliver on the organization's vision.
Every organization needs an Annual Security Risk Assessment, and for healthcare providers it is mandatory. CMS strongly recommends that organizations update the assessment at least once a year and whenever major changes to practices or electronic systems occur. It does not have to be performed by an outside specialist. One of my recommendations is that organizations complete the assessment themselves in order to gain a better understanding of their own environment. Also, in our experience, team members are reticent to discuss concerns with consultants.