ABSTRACT

Security and privacy controls are important for healthcare information technology (IT) systems. Healthcare IT systems have been targeted by hackers and criminal organizations. Criminals will target any company or system from which they believe they will be able to extract sensitive data. It is easier and less expensive to implement security controls during the initial implementation of an IT system than to try to add technical controls just prior to activation. The healthcare organization's security team will require administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic Protected Health Information. IT security staff familiar with the hospital's electronic medical record and ancillary IT systems will need to review the new system's technical description, architecture diagrams, data flows, and expected access privileges to make appropriate recommendations for securing the data at rest and in transmission to users and connected IT systems.