Health Sector Publishes Privacy and Security Coordination Guide
As cyberattacks and data breaches of private information continue to increase in both frequency and severity, there is significant evidence that neither regulations nor enterprise compliance and risk management programs approach these interdependent responsibilities with coherent and coordinated policy and practice.
Factors ranging from organizational structure to conflicting priorities can lead to disconnect between Privacy and Security, increasing organizational risk. The challenges arising from the separation and individualization of Privacy and Security roles, each with their own isolated strategies, can impact an organization in unanticipated ways. Collaboration challenges fall into five overarching themes: (1) cross-functional alignment, (2) operational understanding, (3) team dynamics, (4) organizational culture, and (5) regulatory responsibility.
This publication seeks to do the following:
- Identify intersections, interdependencies, and regulatory and operational distinctions between enterprise Privacy and Security disciplines;
- Enumerate potential challenges and corresponding risks arising from gaps and/or misalignments between Privacy and Security functions and priorities;
- Describe differing structural advantages and disadvantages for coordinating or integrating functions; and
- Recommend options for frameworks, practices, and measures that can assist with informing, coordinating, and integrating Privacy and Security compliance and operations efforts.
The intended audience for this document includes healthcare Privacy, Security, and Compliance leaders, their accompanying teams, and others looking to develop best practices for Privacy and Security programs and policies.
About the HSCC Cybersecurity Working Group
The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) is a government-recognized critical infrastructure industry council of more than 400 healthcare providers, pharmaceutical and medtech companies, payers and health IT entities partnering with government to identify and mitigate cyber threats to health data and research, systems, manufacturing and patient care. The CWG membership collaboratively develops and publishes freely-available healthcare cybersecurity best practices and policy recommendations, and produces outreach and communications programs emphasizing the imperative that cyber safety is patient safety. See https://HealthSectorCouncil.org.
For more information: Greg.Garcia@HealthSectorCouncil.org