http://www.csoonline.com/article/704577/compliance-isn-t-security-but-companies-still-pretend-it-is-according-to-survey By Taylor Armerding CSO April 19, 2012 It has become a cliche in information security: Compliance is not security. But there is still an unsettling amount of denial out there, based on a recent study from HIMSS Analytics and Kroll Advisory Solutions. According to the 2012 "HIMSS Analytics Report: Security of Patient Data," increasingly strict regulation and increased compliance from providers haven't slowed an increase in breaches over the past six years. Yet, respondents to the survey, which included CIOs, compliance officers and HIMs, expressed confidence that they are better prepared for attempted data theft -- in spite of evidence to the contrary -- because they are in better compliance with regulations like the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. This is the third of Kroll's biannual survey of healthcare providers nationwide. Along with numerous other security experts, Brian Lapidus, senior vice president for Kroll Advisory Solutions, says being in compliance with policy prescriptions is not the same as actually protecting personal health information (PHI). The results of that are predictable. The number of organizations reporting breaches went from 13 percent in 2008 to 19 percent in 2010 to 27 percent in the past year. [...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Thu Apr 19 2012 - 23:26:48 PDT
This archive was generated by hypermail 2.2.0 : Thu Apr 19 2012 - 23:29:25 PDT