Why You Shouldn’t Take Calculated Risks with Security

The following is a guest blog post by Erin Gilmer (@GilmerHealthLaw).

Calculated risks are often lauded in innovation. However, with increasing security breaches in the tech industry, it is time to reassess the calculated risks companies take in healthcare. Time and again, I have advised technology companies and medical practices to invest in security, and yet I am often met with resistance; a culture of calculated risk prevails. To these companies and practices, this risk may make sense in the short term. Resources are often limited, and so they often believe that they needn’t spend the time and money on security. However, the notion that a company or a practice can take this chance is ill advised.

As a recent study conducted by HIMSS (and reviewed by Ann Zieger here) warns, “significant security incidents are projected to continue to grow in number, complexity and impact.” Thus, in taking the calculated risk not to invest in security, companies and practices are creating greater risk in the long run, one that comes with severe consequences. As we have seen outside of healthcare, even “simple” breaches of user names and passwords, as happened to Under Armour’s MyFitnessPal app, become relatively important use cases as examples of the impact a security breach can have.

While healthcare companies typically think of this in terms of HIPAA compliance and oversight by the Office for Civil Rights (OCR), the consequences reach far wider. Beyond the fin...
Source: EMR and HIPAA. Category: Information Technology. Tags: Digital Health, Health Care, Healthcare, HealthCare IT, HIPAA, HIPAA General, mHealth, Mobile Apps, Mobile Health Care, Aetna Breach, CVS Caremark Breach, Erin Gilmer, Grindr HIV and HIPAA, OCR. Source Type: blogs.