Updated on 14 February 2014
Mr W Hord Tipton is the executive director of (ISC)², US. He has more than 30 years of business experience and is responsible for liaising with (ISC)² membership, the Board of Directors, and all (ISC)² regional advisory boards. He also oversees all departments, makes ultimate business decisions, and is responsible for the overall direction of the organization.
Technology will continue to play a crucial role in improving the quality of healthcare delivery in 2014. Electronic health records (EHR) adoption will remain a key focus for health organizations to enable a more effective exchange of patient-relevant information between stakeholders. Despite varying levels of technology adoption and digitization in highly fragmented Asian regions, prevailing cloud, social media and BYOD trends will by and large improve the engagement between patients and healthcare providers. Along with this transformation comes a colossal amount of digital information that needs to be managed smartly and securely.

Health Information at Risk

The privacy and security of personal health information has become a globally recognized issue and priority.
According to the 2013 (ISC)² Global Information Security Workforce Study, more than 12,000 respondents in the healthcare industry identified breach of laws and regulations as their top security priority. Security threats come from within and outside healthcare organizations: application vulnerabilities, malware, mobile devices, cloud-based services, internal employees, contractors, and hacker activities, to name a few.
Human error remains the leading cause of health information breaches. Ponemon Institute's December 2012 study, "Patient Privacy & Data Security," estimates that the average annual cost to the healthcare industry could potentially be as high as almost $7 billion. The Ponemon study also calculates that the average cost for the organizations represented in this benchmark study is $2.4 million over a two-year period. The study also reveals that, "The top three causes for a data breach are: lost or stolen computing devices, employee mistakes, and third-party snafus."
While countries around the world have attempted to manage the issue and improve the effectiveness of security and privacy controls through numerous laws and best practice frameworks, little progress has been made in reducing the number of breaches. Combined with the severe penalties agencies are now imposing, including heavy fines and sometimes criminal prosecution, the magnitude of risks borne by entities handling patient health information is resulting in even more diligent and vigorous efforts to protect the information.

Critical guardians of informational assets

There is a mounting need to ensure knowledgeable and credentialed security and privacy practitioners are in place to protect sensitive information. With that in mind, employers across the globe recognize the criticality of mitigating risk through improved hiring and training practices to ensure their security and privacy practitioners are qualified to do their jobs well. Until now, there has not been a credentialing program to validate a practitioner's core knowledge, skills, and qualifications to protect and keep secure vital healthcare information.
To address that, (ISC)², a global not-for-profit membership body of certified information and software security professionals, has developed a new certification, the HealthCare Information Security and Privacy Practitioner (HCISPP), to fill the gap between a simple awareness certification applicable to most healthcare workers and those held by advanced professionals who have the depth and breadth of experience to qualify for senior-level positions.