In health care, the term “safety culture” or “culture of safety” is familiar. It refers to organizational values, attitudes and goals related to providing a safe environment and safe patient care. Although perhaps not as common, the term “security culture” is conceptually very similar to safety culture. An organization’s security culture focuses on beliefs, values and behaviors related to the privacy and security of protected health information (PHI) and other sensitive data.
As health care technology and information-sharing continue to rapidly expand — and as cybercriminals become increasingly sophisticated and savvy — the need for health care organizations to establish a sound and prominent security culture is of paramount importance. Failing to make security a priority, or adopting an apathetic attitude about it, can increase the risk of data breaches, fines, sanctions and liability exposure.
Although health care organizations can use various targeted strategies to address specific security risks (e.g., mobile device theft or ransomware), strategies related to building a robust security culture more broadly focus on organizational approach, policies, procedures and human resources. Click here for the 10 recommendations that offer health care facilities guidance on how to build, enhance and/or sustain a strong security culture.
For these and additional risk management resources contact Professional Insurance Programs at 800-637-4676 or [email protected]
Submitted By: Professional Insurance Programs
Source: ©2018 MedPro Group.