Aetna's Information Security Chief Talks About Efforts to Protect Clients

There's been a lot of talk about compliance lately. Federal and state regulations. HIPAA regulations. But, if you're in charge of healthcare security, compliance is far from sufficient, says Jim Routh, chief information security officer for Aetna, one of the nation’s leading diversified healthcare benefits companies.

"The focus of the information security capabilities and controls has less to do with the regulatory requirements and more to do with the shift in tactics and trends for cybersecurity threats," he explains.

Routh is slated to kick off the HIMSS Media and Healthcare IT News Privacy and Security Forum in Boston Sept. 8, with his keynote, "Climate Change: It’s About Managing Risk, Not Just Compliance."

If you think about it, he says, the cycle time for regulatory requirements is measured in years. They’re typically years out of date at best, as it takes time to figure out what the rules should be and what the best way to enforce the rules is.

Compare that with the cycle time on the threat side, which proves fundamentally different. "Back in the good ol' days,” Routh says, "we'd go four or five years before there was a major shift in tactics used by cybersecurity criminals."

Read the interview here: http://bit.ly/1oDTwUm

Source: Healthcare IT News