HIMSS TV is your Insider’s Guide to everything HIMSS. We are the world’s first online broadcasting network, focused on global innovation and how information and technology are driving change in healthcare.
Direct oversight must be weighed against investment in IT talent, according to David Smith, CFO of Anatomy IT.
First-step recommendations are: Do the basics, as in following HIPAA security-rule compliance and doing a security-risk analysis, says Carolyn Metnick, partner at Sheppard Mullin and member of their Healthcare and privacy and cybersecurity team.
Both small and large organizations have risk challenges and threat monitoring gaps. "It's not just the technology, but its also the people and the process part of it, and that part is really hard for healthcare," says Steve Cagle, CEO of Clearwater.
The model allows for a gradual approach to risk for more conservative and less experienced ACOs, in comparison to ACO REACH, which requires a greater tolerance for risk but has more rewards, says David Morris, EVP at Cedar Gate Technologies.