Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Go Proactive for Healthcare Identity

November 1, 2005
A proactive approach or reverse funnel can prevent known risks before they occur.
Since the introduction of the Federally mandated Health Insurance Portability and Accountability Act (HIPAA), healthcare organizations, payers and covered entities have invested millions of dollars toward achieving compliance and safeguarding protected healthcare information, including electronic protected healthcare information. Many of the protection rules – and in some cases entire sections of the rules – were not completed when HIPAA was first introduced. This meant that these organizations had to define their own IT and security measures in the healthcare space to ensure they met compliance requirements on or before the expected due dates.

The early days

Over the last five years, security has become increasingly more complex. Smarter viruses and worms, increasing malicious attacks, keyloggers, phishing and polymorphic spyware require security managers to take a more dynamic approach in protecting their organizations.

Early security assessments and action plans were basic in nature. This was due to the fact that when these plans were written many of the security rules were not released. Therefore, there was no way to understand the exact level required to meet compliance standards. For this reason, security recommendations and implementations took shape as a proactive or reactive approach. Which plan took place depended on the vendor, their product and how well they convinced an already confused audience.

These two approaches served as a foundation by providing better security for organizations in the beginning as they increased security and security IT infrastructures compared to what many originally had. Because of the continuing increase in electronic and physical risks to organizations, sole dependency on one of these earlier approaches could present problems for the organization.

The Proactive Approach (shown in the chart here.) can also be known as a reverse funnel. This approach implements measures to prevent known risks before they occur. It can make it difficult to provide accurate returns on investment, since the investment is returned only if the known events occur. This model can have high cost of ownership if implemented and managed internally, since organizations have to support the cost of the hardware and software and employ qualified personnel to manage the environment. This approach also can prove difficult to smaller organizations that do not have adequate budgets to employ qualified multi-functional personnel to support a 24/7 operation.

The Reactive Approach depends on the implementation of a series of tools to generate a maze to slow down or prevent access to critical information. This approach may remove the use of certain early detection tools, such as intrusion detection, and depend more on off-the-shelf and manageable products. In addition to the cost of implementing the required products, this model has associated risk based on the fact that even if one event occurs within the maze, propagation rates within the network can prove to be a costly annoyance at best, or, at worst, a catastrophic event for the organization.

Dynamic security model

Even with baselines determined and many of the rules and deadlines now being finalized, unknown risks ensure that security models and HIPAA rules will have to remain dynamic. Today’s healthcare organizations need to implement a dynamic or adaptive security model to stay ahead of the continually changing security environment and requirements.

Healthcare organizations today can and should take advantage of all-inclusive services that will provide them with a controlled dynamic model. In implementing a dynamic model, the managed security services provider (MSSP) serves as a filter between the healthcare organization and the world. The MSSP provides a security utility infrastructure that provides services to generate forward-looking protection from known risks and serves as a barrier from potentially catastrophic events. Experienced providers are technology agnostic and work with pre-integrated products.

Summary

Today’s healthcare organizations can not afford to be unprotected, especially with the continued escalation of security threats entering the marketplace each year. Even though penalties for security violations will not start until after 2008, healthcare organizations must show diligence in protecting themselves today. Penalties of $100 per violation or a maximum of $25,000 per calendar year will not remove the direct impact for being reported as a non-compliant organization and could be overshadowed by the collateral damage caused from credibility loss or increased civil litigations. These risks are unnecessary for healthcare organizations, which need to concentrate their resources on their core competency by providing the best healthcare services available to their customers.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • doctor in hospital

    Strategies for implementing proactive & reactive mass notification

    See More
  • Midway Car Rental installs robotics for tighter security to protect property, assets and people

    Luxury car rental company Midway Car Rental needed a proactive security solution for its 15+ locations

    See More
  • 2010: The Time for Proactive Security

    See More

Related Products

See More Products
  • 150 things.jpg

    The Handbook for School Safety and Security

  • Photonic-Sensing.gif

    Photonic Sensing: Principles and Applications for Safety and Security Monitoring

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing