Security is about people. The human touch point is often the
weak link in the chain. Cyber-threats take advantage of this by utilizing
social engineering, as seen in the rise of phishing as a vector for attack.
Security awareness is your tool in the fight against social engineering. But
security awareness is also much more than this. It creates a level playing
field for your entire workforce and beyond, creating a ‘culture of security’.

With the addition of HITECH Section 13407, the number of
stakeholders that need to be incorporated into a security-aware environment has
been extended to cover all business associates that may have an interaction
with personal data and PHI. This creates a highly diverse group, or eco-system,
of stakeholders who are required to have a good understanding of the healthcare
security landscape. This knowledgebase then allows adherence to the tenets of
HIPAA and HITECH security rules. The end result of a security awareness program that
encompasses all the possible players is an umbrella of security and privacy
respect that will have positive outcomes across the entire eco-system.

Identifying who your key stakeholders are is the first part
of the exercise in security awareness training. As mentioned previously, this
has become a highly extended eco-system of players, brought into place by
changes in the legislation governing information security in healthcare.
Establishing who counts as a player will help guide your training
exercise. The following list gives you an overview of the types of
people involved in training:
- Front desk workers
- Administrators
- IT and tech staff
- Medics, including nurses, consultants and related roles such as social workers
- Transcriptionists
- Healthcare call center workers and managers
- Medical claims handlers
- Laboratory technicians
- Researchers