Guest Column | April 9, 2015

How To Overcome The Disconnect Between Compliance And IT Security

By Mike Semel, President, Semel Consulting, ASCII Group Member Since 2012

There is a huge disconnect between compliance and IT security, which I see every day while conducting compliance and security assessments.

If you focus on compliance, you can create binders full of documentation but not be secure. If you focus on security, then compliance is just a simple exercise in documenting your security efforts in accordance with regulations.

In 2014 the FBI sent a warning to the healthcare industry that its data was not secure:

The biggest vulnerability was the perception of IT healthcare professionals’ beliefs that their current perimeter defenses and compliance strategies were working when clearly the data states otherwise.

Many of the assessments we conduct are for healthcare organizations of all types and sizes — doctors, clinics, hospitals, and health plans — that have to comply with HIPAA. Organizations usually focus on compliance and show us reams of paper — policies, procedures, and training records. In many cases these were purchased as a compliance-in-a-box kit, and the policies still have the original blank spots where they were supposed to insert their organization name. Many that have completed their documentation have not carried it through into actions. Some blindly answer hundreds of questions in compliance assessment tools, or tell consultants that the security described in their policies and procedures is really in place. They believe it themselves. We show them that they are always wrong to some degree.

Please log in or register below to read the full article.

VIEW THE GUEST COLUMN!

Get unlimited access to:

Trend and Thought Leadership Articles
Case Studies & White Papers
Extensive Product Database
Members-Only Premium Content
Welcome Back! Please Log In to Continue. X

Enter your credentials below to log in. Not yet a member of VAR Insights? Subscribe today.

Subscribe to VAR Insights X

Please enter your email address and create a password to access the full content, Or log in to your account to continue.

or

Subscribe to VAR Insights