01 Jan Outlook on Risk & Security Compliance in 2012 – What to Expect.
This New Year's Eve, I thought at times my neighbors were using a rocket launcher and several assault rifles to shoot up the New Year. Lucky for me, I spent the time awake contemplating the outlook for risk, threat and security issues for 2012, and here's what I see.
1. Government-Mandated Compliance Is Here to Stay for the Healthcare Industry.
I remember when the IT departments at many hospitals thought George W. was going to revoke the HIPAA Security Rule. It never happened, and this year, for the first time, there is a regulatory body in place that is intent on REAL ENFORCEMENT.
The Dept. of Health & Human Services, Office for Civil Rights, has expanded the HIPAA Security and Privacy Rules to cover "Business Associates," including lawyers working in healthcare and the infamous "3rd Party Providers" who do everything from warehousing data to taking over the IT function of a hospital. This trend will continue as pressure builds from consumers whose medical and financial data continue to be compromised.
2. Workplace Violence Prevention will become an OSHA mandate, if not in 2012, at least by 2015. Given the slug-like pace of OSHA, which only recently provided directives for high-risk industries, and the pressure from the more than 30 states that have passed their own regulations, the push to reduce the number of incidents and lower their intensity will increase, and management will be forced to address it as a major corporate issue.
3. Pressure on the financial industry to protect consumer information will increase. As in many other areas, pressure is mounting to prevent the enormous data breaches we saw in 2011, such as the Tricare, Stratfor (hacked by Anonymous), Wikileaks and HealthNet breaches. Consumers are the squeaky wheel: they want the convenience of plastic and internet use, they will not tolerate breaches, and they are all registered voters!
The FFIEC has already tightened up on both risk assessment standards and authentication guidelines for all financial institutions.
There will be an increase in risk assessment requirements as an accountability feature, to force managers to maintain better security in all areas of their organizations.
Accountability means that individual managers will be held responsible for the decisions they make regarding other people’s:
1. Financial Data
2. Medical Records
3. Safety from both Violence & Bullying in their workplaces.
Budgets can be cut and staff can be reduced, but consumers are demanding protection of their information and of themselves, and the regulators will make sure they get it in 2012!