Ben's Book of the Month: Review of "How Healthcare Data Privacy Is Almost Dead ... and What Can Be Done to Revive It!"

Posted by Ben Rothke

This month’s theme is security strategy & operations. Some questions include: what makes a good cybersecurity strategy? What policies and procedures should you have in place to ensure your employees, customers and sensitive data remain safe?

If you believe John Trinckes in How Healthcare Data Privacy Is Almost Dead ... and What Can Be Done to Revive It! (Auerbach Publications 978-1498783958), the healthcare industry is running on the information security equivalent of life support.

Perhaps no other industry has as much highly personal data as the healthcare sector. And it’s likely that no other sector has been as derelict in protecting that data. The sector has had over a billion medical records exposed via more than 5,000 data breaches. Trinckes writes that he thinks the healthcare industry is about 10-15 years behind other industries when it comes to information security, data protection and privacy.

In the book, Trinckes deals with the many problems that healthcare organizations face around data protection. Much of it is because organizations in the sector simply lack the budget, resources and staff to ensure their information security requirements are met.

Trinckes does a superb job of stating what the problems are in the industry. He collects an abundance of sources around data breaches and how the healthcare industry is severely lacking when it comes to information security. In each area, he is prescriptive about what the industry needs to do to fix itself. But he does not give enough attention to the many details involved in doing that.

For those looking to understand the depth of the information security problems within the healthcare industry, Trinckes makes that eminently clear. The book is a good launching pad for those in the healthcare industry to finally come to grips with the issues of information security and privacy.

Ben Rothke

Senior Information Security Manager, Tapad
