The document summarizes key points from a symposium on rethinking compliance. Some memorable quotes from speakers include that on average 205 days pass before a data security breach is discovered, that staff training should focus more on teaching people to rethink rather than just teaching the law, and that encryption alone is not enough to ensure security and that additional safeguards are needed. The document also lists common topics discussed at the symposium like information privacy, security risk analysis, training, and breach response.
10. • The health care industry spends 3% of its technology budget on security, while all other industries spend an average of 10%.
11. • 90% of breaches are caused by failure to safeguard.
12. • 123456 and ‘password’ are still the most common passwords to be breached.
13. • Encryption is not enough. It was on these surfaces and hackers go in.
14. • Most people want to do the right thing. It is a matter of people knowing the right thing.
15. Information Privacy
• Security Risk Analysis
• Training
• Assessment – Breach Response
• Tracking – Monitoring
For health plans, providers, and Business Associates
www.gettinslaw.com 513-400-3895 mbgettins@gettinslaw.com