Editor’s Note: The following Letter to the Editor demonstrates that if federal data security regulations are not cost-effective at protecting information, they are counterproductive. For more information, see Cost-Effectiveness: The Prerequisite for Cybersecurity Regulation.
From: The Washington Post | Letter to the Editor
***
It is important to make the distinction between regulatory compliance and cybersecurity. Most if not all hospitals and hospital chief information security officers are focused almost exclusively (to include budgets) on compliance with the Healthcare Insurance Portability and Accountability Act. MedStar has acquired many hospitals and medical practices, and each acquired covered entity requires conformance with both HIPAA and MedStar standards. This compliance leaves little effort and budget for establishing cybersecurity.