ISA At Work In The Healthcare and Public Health Sector
The Department of Health and Human Services is designated as the Sector-Specific Agency for the Healthcare and Public Health Sector. ISA member Centene Corporation represents this sector.
Centene Corporation is a Fortune 500 company and a leading multi-line healthcare enterprise that provides services to government healthcare programs. Centene also contracts with other healthcare and commercial organizations to provide specialty services, including behavioral healthcare services through Cenpatico, care management software, correctional systems healthcare, in-home health services, life and health management, vision, pharmacy benefits management, specialty pharmacy and telehealth services.
Geared toward the healthcare industry, ISA and American National Standards Institute (ANSI) launched their third joint publication in the highly successful and acclaimed Financial Management of Cyber Risk series at a March 5, 2012 National Press Club Event opened by National Cyber Security Coordinator for President Obama, Howard Schmidt. The publication, “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security”is available for download.
Successful in its own right, this publication builds upon the enterprise-wide risk management approach developed and promoted by ISA and included in its prior ISA-ANSI joint publications of Financial Risk Management: “The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask” (2008) and “The Financial Management of Cyber Risk: An Implementation Framework for CFOs.” In this third publication, we describe the prevalence of protected health information breaches, its higher resale value compared to other stolen information, and provide a five-step formula (known as PHIve) to help estimate the financial impact of such a breach/theft.
In describing this formula, Mr. Schmidt stated that it “would help health care companies move more quickly to protect their patients’ electronic records by providing IT professionals a way to estimate the financial impact of a breach and to convince executives to invest in security infrastructure.” The press seems to agree, having been featured in over 50 articles (and growing) in such publications as Bloomberg, the American Medical Association’s Newsletter, CIO Magazine, Computer World, etc.