As OCR promises more fines, two CIOs offer tips on risk assessments

Enforcement now a "fact of life," says Rodriguez
By Mike Miliard
11:14 AM

It's "a lot nerdier, but that's what's really going to make all the difference in the long-run," he said. "We're focusing on the roadmap of compliance."

Enforcement is now a "fact of life," said Rodriguez. "It is having a beneficial effect on compliance." As such, "The number of monetary enforcement cases will continue to grow."

Still, he said, "We are not missing opportunities to get out and educate the industry."

OCR is cognizant that "bad things will happen, breaches will happen," he said.

That's why, "You will not hear me, except in quotations, use the phrase the Wall of Shame," said Rodriguez, referring to OCR's infamous list of large-scaled breaches.

Shaming "is not the purpose of the breach notification program," he said. Fostering a culture of privacy and security is. "At the end of the day it comes down to leadership: Owning compliance issues and doing so consistently."

In other words: Don't do risk assessments. Assess risk.

 

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.