HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms—unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

Healthcare organizations not ready for new security standards

A new wave of federal requirements set by the HITECH provisions of the American Recovery and Reinvestment Act  concerning the confidentiality of patient data and personal health information are getting ready to be implemented. Among provisions concerning new rules and fines for data breach disclosure, one new requirement is that healthcare organizations will now be mandated to conduct annual risks assessments. On top of that, the Office of Civil Rights (OCR) will soon begin auditing healthcare organizations to ensure compliance with the new HITECH rules.


So, are healthcare organizations getting ready for these changes? As of yet, not so much. A recent survey conducted by the HIMSS found that 53% weren't conducting annual risk assessments. 58% had no dedicated staff for security efforts. Half currently spend less than 3% of their organizational resources on security.


A lot of healthcare organizations can  be forgiven in that until just the past year HIPAA rules were rarely enforced. Things have changed, though. The move towards Electronic Health Records has necessitated that security concerns  be addressed (albeit after the fact and not in conjunction, but hey, one thing at a time). And as the new regulations actually have some teeth, the potential negative impact of doing no risk analysis whatsoever should help to spur organizations that deal with healthcare information into the fold. Now let's hope they know that.

BillW | ‎09-30-2011 09:59 AM

This is exactly on target.  From a InfoSec Healthcare perspective, we're tracking a great deal of interest in mapping compliance to our product and services.  The internal message is how to create that visibility within the product.  Our group is focusing on a internal Security Development Lifecycle which tracks compliance requirements, like HITECH and HIPAA to specifics on how controls and audits work within the systems we provide.



Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Showing results for 
Search instead for 
Do you mean 
About the Author

Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.