How To Include Cybersecurity In Your Privacy Impact Assessment
Keeping information safe and secure has become increasingly challenging for businesses of all sizes over the last few years. Remote working and the use of cloud-hosted services forced healthcare practices to change, or at least re-examine, their cybersecurity practices and protocols.
According to CyberEdge’s Cyberthreat Defense Report, 85% of organizations suffered from a successful cyberattack in 2021.
A privacy impact assessment (PIA) is an important tool to help understand the risks to patient health information and your healthcare business.
The recent Technology Fact Sheet, “How To Protect Against Ransomware” from the Ontario Information and Privacy Commissioner, provides explanations and recommendations for all businesses.
Conduct privacy and security risk assessments whenever major new technology changes are introduced, and ensure that all critical elements of your IT environment are regularly reassessed.
Does Your PIA Include Cybersecurity Risks and Mitigation Plan?
You should review your PIA regularly, at least annually, and update your risk mitigation plans when there is a change in your administrative, technical, or physical practices. You also need to consider that the threat environment external to your business, like the increasing risk of cybersecurity vulnerabilities, can damage your business.
In Episode #107 of the Practice Management Nuggets Podcast, Jean L. Eaton, Practical Privacy Coach with Information Managers, shows us how to include cybersecurity risks in your PIA.
My Takeaways
A Privacy Impact Assessment is a type of risk assessment. We know that cybersecurity vulnerabilities are a real risk for all businesses, including medical, dental, and other healthcare practices.
Take the time now to consider the new cybersecurity risks. Discuss this with your IT and managed services provider. Find strategies that work best in your practice. Remember—ignoring the risk doesn’t make it go away!
Next time you update or amend your PIA, include what you have done lately to prevent a cybersecurity incident in your practice.
Listen To The Podcast
Cybersecurity in Your Privacy Impact Assessment | Episode #107
Expert tips with Jean L. Eaton on Practice Management Nuggets Podcast For Your Healthcare Practice.
Listen here: Practice Management Nuggets Podcast