The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group has published a guide for health providers and companies on coordinating their privacy and cybersecurity functions, with the aim of improving overall compliance as well as operational efficiency and effectiveness.
As cyberattacks and data breaches of private information continue to increase in both frequency and severity, there is significant evidence that neither regulations nor enterprise compliance and risk management programs approach these interdependent responsibilities with coherent and coordinated policy and practice.
Factors ranging from organizational structure to conflicting priorities can lead to a disconnect between Privacy and Security, increasing organizational risk. The challenges that arise when Privacy and Security roles are separated, each pursuing its own isolated strategy, can affect an organization in unanticipated ways. Collaboration challenges fall into five overarching themes: (1) cross-functional alignment, (2) operational understanding, (3) team dynamics, (4) organizational culture, and (5) regulatory responsibility.
This publication seeks to do the following:
- Identify intersections, interdependencies, and regulatory and operational distinctions between enterprise Privacy and Security disciplines;
- Enumerate potential challenges and corresponding risks arising from gaps and/or misalignments between Privacy and Security functions and priorities;
- Describe differing structural advantages and disadvantages for coordinating or integrating functions; and
- Recommend options for frameworks, practices, and measures that can assist with informing, coordinating, and integrating Privacy and Security compliance and operations efforts.