Forecast 2015: Cloudy with a Chance of Data Breaches
Given this frequency of incidents, I think that it isn’t a stretch to conclude that the management of incidents – capturing the facts, assessing whether they are breaches, carrying out regulatory notifications – is something that most larger organizations with some health data are doing on a daily and weekly basis. But it hasn’t become a “mission critical” function in most of these organizations, something that is carried out like other day-to-day operational functions. Like billing. Or payroll.
Yet the privacy and security of health data is one of the areas most highly regulated by federal and state authorities. And regulators have become draconian in imposing fines, penalties, and corrective action plans on organizations that cannot stand up to their scrutiny, especially when there is a data breach.
So for organizations that touch health data anywhere in its chain of custody, not just hospitals and insurance companies but also cloud vendors, those with health apps, and others, 2015 will be the year when incident response becomes a mainstream management imperative.
Privacy incident response management in these organizations can’t continue to be an ad hoc process, done part time by an overworked privacy or information security official. For the same reason that organizations use QuickBooks for accounting and Salesforce for sales management, they are going to need to start using software purpose-built for managing the growing frequency of privacy and security incidents, for efficiency but also for compliance.
If your organization handles any kind of health data, as a privacy, information security, compliance, risk or legal professional, 2015 will be the year to help your organization get its incident and breach management on solid, scalable footing.