Information security in the healthcare industry focuses on complying with HIPAA regulations rather than ensuring that healthcare information is really protected. This approach is tactical and sometimes shortsighted.
Since most hospitals and healthcare organizations have CIOs and CISOs dedicated to data control, data governance, security and privacy, you would expect a more proactive approach. Unfortunately, most of these organizations continue to approach data security reactively and – though it may seem obvious to consumers – often do not have a clear understanding of the value of the data they are entrusted with.
Whether patient information is on a PC, printed out, downloaded from a health information system or viewed on a mobile device, you need to protect it and ensure that only authorized people can access it.