Ponemon HIPAA Research Study - Importance Of Access Governance
Posted on Tue, Dec 01, 2009 @ 12:10 PM
We came across this Ponemon Institute study, sponsored by Crowe, on the state of compliance with HIPAA/HITEC. The report is available for download from Crowe's website.
http://go.crowe.com/content/CroweLP?eid=TR9014D&origRef=benchmark
The majority of the respondents to the study are not substantially in compliance with HIPAA/HITECH and the author recommends that they get more aggressive in their approach for complying with the regulation. What was interesting to us was the impact that certain requirements of HIPAA/HITECH regulation would have on a healthcare organization. Access governance and access management policy was the second most highly rated organization impact (31%).
One area of concern that Aveksa identified in a whitepaper we published earlier this year is that healthcare organizations are racing to modernize their patient records systems from manual to electronic. This is a good thing. But if done without having a good access governance control framework in place, the organizational and compliance risks of access control failures will be expodentially higher than they are today. To read our whitepaper on Role Based Access Governance and HIPAA Compliance: A Pragmatic Approach, go here.