
In today’s fast-moving, hyper-connected world, legal and compliance teams shield organizations from a constant stream of internal and external threats to sensitive data. Effectively countering these threats requires more than simply erecting strong controls; it requires navigating the complex, shifting landscape of privacy and data protection laws.

Privacy and cybersecurity laws and regulations change constantly. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) stringently control how organizations manage, store, use, and protect data within their scope. And literally every state has laws that may also bear on privacy, security, or both. Noncompliance can result in reputational harm, financial penalties and damages, or even long-term consent decrees.

Meeting these requirements requires people, process, and technology controls. But as good as process and technology get, humans remain the weakest link. I’ve seen seemingly small mistakes, such as leaving confidential documents on a printer or sending sensitive information to the wrong recipient, escalate into major compliance issues. For instance, a pharmacy’s training video once inadvertently revealed sensitive health information – a patient’s name, prescription details, and medical diagnosis – leading to multiple federal investigations. While awful for the organization involved, this underscores a broader point: staff in every department must understand their role in protecting sensitive information.

Since legal and compliance teams can’t be everywhere, training is an essential tool. Regular, targeted training helps employees better understand their critical role in data protection and avoid potential lapses. Real-world examples like that pharmacy training video powerfully illustrate the importance of compliance. Training must accompany and foster a culture of accountability and awareness. Employees should feel comfortable questioning the need for certain data and explaining how and why they follow established procedures when handling sensitive information. Organizations must also engage in cybersecurity tabletop exercises so everyone knows how to respond in an emergency, and hold regular data protection tests to help avoid one.

When incidents occur, a coordinated reactive strategy is as vital as proactive prevention. Legal and compliance teams must work closely with IT and security departments to deploy a swift, effective response, analyze breaches, determine cause and exposure, and identify and enact remediations. Post-incident reviews should focus on root cause analysis, letting organizations learn from mistakes and opportunities.

Not every compliance risk or effort is internal. Data may flow between organizations in unseen virtual rivers. Therefore, it’s crucial to ensure that a company understands these data flows and that its vendors who receive information maintain high privacy and security standards for data in transit and at rest. Simple questions and processes can help unearth potential red flags. For a vendor, such questions might include:

- Tell me about your privacy and cybersecurity teams. How many people are on these teams? What are their credentials and training?
- Can you share your incident response plan? Please provide a real-world example of the plan in action.
- What strategies do you employ to protect data and ensure it is used and disclosed properly?
- Can you share details about your access control measures?
- How do you train your teams?
- How do you test the effectiveness of your data protection measures?

As legal and compliance professionals, we champion privacy and cybersecurity in our organizations, but success requires a team effort. Building resilient, actionable frameworks that meet regulatory requirements but also instill trust, confidence, and reliability enables success. Fortunately, with diligence, thoughtfulness, a culture of compliance, and strategic action, we can navigate this complex terrain, safeguarding our companies, colleagues, leaders, and partners.
Shara Rasmussen is Deputy General Counsel, VP Privacy, Risk, and Compliance at Collective Health. She is an experienced compliance and privacy professional who has also served as Chief Compliance and Privacy Officer at VillageMD and Executive Director of Corporate Responsibility at AdventHealth. Rasmussen holds a JD in Health Law from Loyola University Chicago School of Law, an MPH in Public Health, and a BA in Psychology from the University of North Carolina at Chapel Hill. She also holds professional certifications in healthcare compliance and privacy compliance.
This post appears through the MedCity Influencers program.
