Amy S. Leopard was recently quoted in Healthcare IT News regarding the crucial step of risk assessment when contracting with offshore vendors in patient health information security planning. Leopard spoke on a panel on “Data Security Hot Topics” at the 2015 Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS15), the largest Health IT event in the industry.
In the article, Leopard says that healthcare IT firms should take a hard look at whether offshoring makes strategic sense, given the legal risk of a breach.
“The cost and complexity of using offshore providers is becoming a real issue.” said Leopard. “You have to inventory your vulnerabilities, prioritize your risk and come up with a game plan in an enforcement context.”
“After a breach, the first thing OCR will ask is for your risk analysis,” she added.
Read the complete article, “Offshoring PHI? Risk Analysis is key,” published in Healthcare IT News on April 13, 2015.