How Acquisitions can Bring IT Security Risks
Munzoor Shaikh featured on Health Data Management
Author:
Date : February 2, 2015
Industry:

When a hospital buys another hospital or physician practice, or a software vendor buys another vendor, how much thought about securing protected health information goes into the consolidation process before that process is complete?

Often, not enough, says Munzoor Shaikh, a senior manager at West Monroe Partners, a Chicago-based business and technology consulting firm. As part of its services, West Monroe examines the information infrastructure maturity and security, and conducts HIPAA/HITECH assessments for the organization being acquired. But there often are issues that the company being bought hasn’t tackled--and that the company buying it needs to know.

Shaikh and colleagues have found instances where visitors are being signed into a facility without first receiving a badge or card access, or a visitor should have an escort but one is not required. When Shaikh enters these facilities, he often is not asked to sign in. “I’d like to make the distinction that we do not break protocol, but we notice that protocol is often not required of us but rather insisted by us. That’s how we know we could have gotten away with breaking protocol without actual breaking it.”

To continue reading this article as it appeared on Health Data Management, please click here.

Recruiting Smarts
View More
Related News
Data Driven Insurance report featured in Insurance Networking News
Date : January 27, 2017
Data Driven Insurance report featured in Insurance Business
Date : January 25, 2017
Report proves theory that the insurance industry must quickly embrace analytics to remain competitive in a landscape that is being challenged from all angles
Date : January 23, 2017