Health Data Breach Response TipsMcAfee's Kim Singletary on How to Improve Resolution
The big news early in the year: The U.S. Department of Health and Human Services released its long-awaited HIPAA Omnibus Rule, which includes extensive modifications to the HIPAA privacy, security and enforcement rules as well as new guidance on when a breach must be reported.
As healthcare organizations work to meet the Sept. 23 compliance deadline, what does Singletary see as their current state of breach defense preparedness?
"The defenses for healthcare are really limited," says Singletary, director of vertical and technical solutions marketing at McAfee. "This is an industry that has probably not spent that much on IT, and they're having a huge wave of change."
Among those changes are the rising wave of electronic health records, the spread of health information exchanges and the ubiquity of mobile devices.
"Breach preparedness, I feel, hasn't really come together," Singletary says. "It's still a siloed approach within these organizations. They don't have the right tools ... or maybe just the strategy to get to the right place."
The HIPAA Omnibus Rule is a step in the right direction - particularly with its new security and privacy requirements for business associates and their subcontractors. But the industry needs more resources, more focus and more information sharing, she says.
"I'm a little fearful that [healthcare organizations] are not well prepared," Singletary says, "and that there are going to be a lot of ... compromises in the coming years, until they get more robust and mature in their IT model."
In a pre-RSA Conference interview about 2013 healthcare security challenges, Singletary discusses:
- The state of breach preparedness in healthcare;
- Gaps in breach response strategies;
- Healthcare security topics McAfee will discuss with attendees at the RSA Conference.
Singletary's role at McAfee involves supporting vertical markets and the company's overall Security Connected strategy. She has more than 15 years of experience with products and services supporting companies and vertical markets, enabling XaaS, compliance, security and critical computing. Her focus is on how technology, mobility, data and the Internet are changing our day-to-day work environments and the ramifications of sustainable security, compliance and privacy.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.