Education, Tip of the Week, Trends & Technology, Upcoming Events

Informatics Data Security and HIMSS14

Modernizing your systems and keeping up to date is a daunting task in the healthcare industry. However, upgrades, replacements, or modernization of systems is the best option to improve data security and ensure optimal provision of healthcare services.


Informatics is a broad term that includes a myriad of focus areas to meet the evolving needs of technology. There are various fields of study being offered such as social informatics, cheminformatics, security informatics, bioinformatics, and health informatics to name only a few. Degrees are available including a Bachelor of Science in Informatics where a student can study basic concepts of software architecture, a Master of Science in Informatics, and a Ph.D. in Informatics. The internet provides descriptions of many universities offering informatics such as Vanderbilt University School of Nursing, Chamberlain College of Nursing, the University of Michigan, and many more.

In healthcare those in the field of informatics are referred to as clinical informatics. Many clinical informatics are physicians, nurses, and other health care staff who received augmented training in the application of technology to investigate issues in their field. In addition, they are able to interpret, analyze and substantively use electronic health record technology to provide efficiency along with safety in their clinical practice. Knowledge of workflow and project management comes into play as well.

The HIMSS14 Sneak Peek, is a great starting place for those interested or curious about this evolving field. Parker (2013) the Chief Nursing Informatics Officer for Rubbermaid Healthcare, stated her reasons for attending including obtaining her required continuing education as well as the social aspect of networking. Researching new ideas is the main focus why Rabinowitz (2013), Director of Federal Markets, Socrata will attend HIMSS14. He said healthcare data can make the largest contribution in five areas: improving standards of living, improving quality of care, improving provider access, improving value, and improving access to innovation. Rabinowitz (2013) is an advocate for evidence based medicine and innovation.

HIMSS14 will be held in Orlando, Florida with the Nursing Informatics Symposium starting on Saturday, February 22nd, 2014. However, the actual start date begins Monday, February 24th. For more information please visit:

Sponsored by: RISC Management,


Parker, C.D.(2013). HIMSS14’s value to clinicians: It’s more than a shopping trip. Retrieved from

Rabinowitz, S. (2013). Using health data in innovative ways. Retrieved from

Tip of the Week, Trends & Technology

The Role of Security Controls in a Security Program

When your organization is building a security program, clear direction must come from the Executive level to guide management and staff in implementing the right solutions. Without a greater understanding of the organization’s direction, management lacks the proper knowledge to make decisions in the best interests of the organization. In much the same way, a security program needs the proper structure of controls in place to guide the organization at the lower levels of the workforce.

A security control is “any administrative, management, technical or legal method that is used to manage risk.”1 Once your organization has identified areas of need, whether because of security or compliance concerns, controls are the tools used to correct the problem or fill the gap. These tools can consist of staff members, physical or technical measures, procedures, or governance. As Kim Sassaman explains, “Implementation of information technology security controls is how the Security Program is put into operation.”1 When deciding on a control to deploy, the decision needs to be part of a risk analysis or risk management process; each type of control must exist for a specific reason, hopefully filling multiple needs at once.

Some examples of controls include door locks, ID badges, firewalls, encryption, policies, procedures, and oversight committees. One of the most glaring results of the OCR KPMG Audit Program was that nearly 80% of Covered Entities were lacking a formal risk analysis, the very first step in determining the proper controls for your organization!2 And if you haven’t heard about some of the most recent data breaches, many of them have been caused by a lack of encryption or media disposal controls. These issues and more can be resolved with a proper security program supported by security controls outlined in organization policies.

Contact RISC Management if you need help developing a security program or implementing controls. Remember, the first step is always a Risk Analysis. If you don’t identify, analyze, and document your risk, you’ll never effectively manage it.



  1. Implementing Information Security in Healthcare: Building a Security Program
  2. “Preparing for HIPAA Compliance Audits.” Healthcare Info Security Website