The Problem with the Future is the Past

For more than a decade, U.S. healthcare and related enterprises have struggled to comply with the data privacy requirements of government regulations--not entirely for technical reasons, but also because the healthcare industry historically and culturally has been a user of technology that stands apart from business governance. Because regulatory requirements exceed traditional data center and technology boundaries, and because more privacy legislation is inevitable into the future, a response is needed by the entire healthcare enterprise, from the executive suite to patient services.

Healthcare enterprises must break the mold of the past to strengthen their security postures and comply with data privacy requirements. Historical approaches must make way for a new kind of thinking. What is needed to begin this journey is an inventory of protected data, along with the lineage of where the data originated and to whom it has been forwarded. It is also critical to remember that this is an ongoing process, because application systems and business environments change. The best strategy is one of continuous improvement--not a project with a finite completion date. CGI’s white paper on “Cybersecurity for Health Data: Building confidence in health systems” discusses additional considerations for improving healthcare data privacy and security postures in a continuously evolving landscape. For those enterprises that fail to start this process while waiting for the business to “stabilize,” chances are it probably won’t, so start anyway. What are we waiting for?”

CGI brings proven expertise, tools, methodologies and services for improving healthcare enterprises’ privacy and security confidence while meeting customer and regulatory requirements. Our privacy and security team members have gained extensive knowledge through security work within healthcare, as well as retail, hospitality, financial services and other industries. Using a combination of this knowledge and technology-based
methodologies, we establish an overall risk management framework that takes into account each client’s unique risk profile and regulatory and privacy requirements.

To learn more, contact us.