Why Information Security Risk Management Makes Sense in the Healthcare Industry

Lately I have been thinking about risk in the context of information security and the healthcare industry. I have written an article that you can find here about using risk management to help healthcare organizations manage their security, privacy and compliance programs more effectively and efficiently. For the most part using risk to manage information security is new territory for the healthcare industry. Yet it has been common practice in the financial services sector for more than ten years. Why it that the case?In the late 90’s financial services companies in New York, London and Tokyo went through a dramatic change in the way they managed their information security programs. Risk management took over as (and remains today) the dominant paradigm for running an information security program and enabling business in the financial services sector.Why did that happen? Well, the financial services world is about transactions. By the late 90’s the infrastructure of the internet had evolved to the point where financial transactions were realistic and could done reliably on a scalable basis. The requirements for enabling electronic transactions were (are) as follows:• Non-reputable communications between two parties, each of whom can verify the time, value and content integrity of the message.• Confidentiality• Authorization• Counterpart authenticity• High availabilityAll of these requirements are info security issues and it became competitive differentiators. A major element of winning in the financial service market was managing information security in the most effective and efficient manner. Risk management is the way to do that.The financial services sector was a natural place for adoption. First, financial institutions are risk-intermediation businesses; as the most sophisticated of them came to realize, the ability to describe, price, and manage risk should be among their core competencies. Second, this sector is rich in data, and thus the raw fuel for risk analysis already exists. Third, and perhaps most important, they are typically highly leveraged and are monitored by regulators who, concerned about the potential impact of failures, pushed for improved risk management. So risk management was and is at the core of the business and the extension of processes and methods to information security was evolutionary rather than revolutionary.I don’t think the same severe pressures on information security that exist in the financial services industry are present in healthcare. However, by making poor decisions around information security, privacy and compliance organizations can destroy patient trust, increase costs, damage brand and create major liability. I think healthcare IT leaders need to borrow the financial services information security playbook and aggressively adopt risk management.

Tennessee Health Insurance: Will Healthcare Reform Help You Get Coverage?

Healthcare reform will start increasing protection for those who need health insurance in Tennessee as of September 23, 2010. That protection will expand coverage to more people and extend coverage beyond previous insurance limits. More people will be able to keep their Tennessee health insurance plans because insurers will no longer be allowed to cancel your policy if you get sick. That provision alone can help to protect people who buy Tennessee individual health insurance plans from dishonest insurance practices.Your choice of doctors will increase, too. Woman will no longer have to get prior authorization to see an ob-gyn doctor. Members in new health insurance plans will also be free to select any participating primary care provider. September 23 also sounds the death toll for the practice of denying children who have known health problems, such as asthma, access to health insurance. If your child has had to endure years in this predicament, you can start to relax soon.Adults with known health problems are also getting more help. As of last July 1, $96.8 million federal dollars was made available to Tennessee to provide coverage for people with pre-existing conditions who have been denied health insurance in Tennessee.This new transitional high-risk pool program is funded completely by the federal government to help people survive until the health insurance exchange becomes available in 2014. If Tennessee does not to run the high-risk pool program, the Federal government will administer it for Tennessee residents. If your medical claim is denied, you’ll also be getting additional help with that. New Tennessee health insurance plans will be required to develop an appeals process to make it easier for you to dispute the denial of your medical claims.Health Insurance In Tennessee Will Have Fewer LimitsIf you are among the 3.2 million Tennessee residents who rely on private insurance coverage, you can stop worrying about being left to face devastating out-of-pocket costs when your bills exceed lifetime limits placed on your coverage. Insurance companies will no longer be able to restrict your coverage to such lifetime limits. In addition, the use of annual limits on coverage will be regulated so you are not denied access to needed care. This will protect the 2.8 million residents who get Tennessee health insurance from an employer as well as those who get new health plans in Tennessee.What Does Healthcare Reform Mean For Small Businesses?The 71,900 small businesses in Tennessee can take advantage of the new small business tax credit. This credit is designed to help them provide coverage for employees and to make premiums more affordable. Until now, small businesses have unfairly had to pay 18 percent more, on average, than large businesses paid for the same healthcare coverage. That prevented many small businesses from protecting their employees with healthcare.Will Seniors Be Affected By Healthcare Reform?In 2009, about 85,000 Medicare beneficiaries in Tennessee lost coverage for their prescriptions as they sank into the infamous “doughnut hole.” That’s a huge gap in Medicare Part D drug coverage that takes away all coverage for prescription drugs. Seniors have been forced to cut their medications in half or go without all together. In 2010, Tennessee Medicare beneficiaries who are stuck in the doughnut hole are automatically being mailed a $250 rebate check. These mailings began in mid-June and the $250 checks will continue to be mailed each month as additional seniors lose their prescription coverage to the doughnut hole.Healthcare reform continues to provide seniors with additional discounts in future years until no one will be subjected to the doughnut hole by 2020.What if you retire before you’re eligible for Medicare at age 65? It’s estimated that 84,700 Tennessee residents do retire before they are eligible for Medicare. With the rising cost of insuring employees, fewer employers now cover their retirees. As of June 1, 2010, a temporary reinsurance program has been set up to support the practice of companies providing health care for their retirees. Not only companies, but also local and state governments and unions are all eligible to participate in this $5-billion program.How Does Healthcare Reform Affect Tennessee Residents In 2010?With healthcare reform, those who already have insurance won’t have that coverage taken away if they get sick or if they need help that exceeds annual or lifetime policy limits. Children with pre-existing conditions who have been denied coverage will get help this September, and $96.8 million federal dollars is already available to Tennessee to provide coverage for adults with pre-existing conditions who have been denied coverage in Tennessee.Seniors automatically receive $250 in 2010 when they lose prescription drug coverage to the doughnut hole, and Tennessee businesses, local and state governments and unions can take advantage of a $5-billion program to cover retirees with insurance. That’s not the end of healthcare reform, though. More benefits will become available in 2014.