Compliance isn’t security, but companies still pretend it is, according to survey

It has become a cliche in information security: Compliance is not security.

But there is still an unsettling amount of denial out there, based on a recent study from HIMSS Analytics and Kroll Advisory Solutions.

According to the 2012 “HIMSS Analytics Report: Security of Patient Data,” increasingly strict regulation and increased compliance from providers haven’t slowed an increase in breaches over the past six years.

Yet, respondents to the survey, which included CIOs, compliance officers and HIMs, expressed confidence that they are better prepared for attempted data theft — in spite of evidence to the contrary — because they are in better compliance with regulations like the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.

This is the third of Kroll’s biannual surveys of healthcare providers nationwide.

Along with numerous other security experts, Brian Lapidus, senior vice president for Kroll Advisory Solutions, says being in compliance with policy prescriptions is not the same as actually protecting personal health information (PHI).

The results of that are predictable. The number of organizations reporting breaches went from 13 percent in 2008 to 19 percent in 2010 to 27 percent in the past year.
