I’ve often written that to really ensure the security and privacy of data in healthcare, we need healthcare organizations to build a culture of security and privacy. It’s not just going to happen with a short-term sprint.
So, I thought I’d have some fun and turn it into a list of ways for you to know if your organization has a culture of healthcare IT security or not.
You might have a culture of healthcare IT security if…your chief security officer has power to influence change.
You might have a culture of healthcare IT security if…you’ve spent time doing risk mitigation after your HIPAA risk assessment.
You might have a culture of healthcare IT security if…you’ve found breaches in your system (Note that you found them as opposed to them finding you).
You might have a culture of healthcare IT security if…you’ve turned down a company because of their inability to show you security best practices.
You might have a culture of healthcare IT security if…you’ve spent as much time on people as technology.
You might have a culture of healthcare IT security if…someone other than your chief security officer or HIPAA committee has brought a security issue to your attention.
You might have a culture of healthcare IT security if…you’ve spent a sleepless night worrying about security at your organization.
I’m sure I’m missing some obvious things. Please add to the list in the comments.