Governance & Risk Management , HIPAA/HITECH , Risk Assessments

What's Wrong With Relying on HIPAA Compliance?

CISO Jennings Aske on the Need to Use a Comprehensive Framework
Jennings Aske, CISO, New York-Presbyterian

Healthcare organizations that rely too heavily on HIPAA compliance are coming up short when it comes to security, says Jennings Aske, an attorney who is CISO at New York-Presbyterian, an academic medical center. A far better approach, he says, is to rely on the National Institute of Standards and Technology's cybersecurity framework or other comprehensive frameworks.

See Also: Critical Differences Between HIPAA Security Evaluations and Risk Analysis

In a video interview at Information Security Media Group's recent Fraud and Breach Prevention Summit in Chicago, Aske discusses:

  • Why focusing solely on HIPAA compliance is short-sighted;
  • How to leverage the NIST framework in the current threat environment
  • The importance of risk assessments.

Before joining New York-Presbyterian, Aske was vice president of information security and chief security officer at Nuance Communications and served as CISO at Partners Healthcare, UMass Memorial Hospital and the Commonwealth of Massachusetts's Executive Office of Health and Human Services.


About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.