JTS Health Partners

CyberSecurity Enabling the Business – Ditch the Checkbox Approach | Part A

November 10, 2021 by JTS Health Partners

Executives in cybersecurity often hear that unless additional money is spent, the company will be hacked or that without more funds, regulatory compliance cannot be met.

 

By:  Michael Meline (Cyber Self-Defense CEO) & Julie Stewart

A CyberSecurity program should enhance the products or solutions provided by the company. It should allow employees to be productive at conducting business, not at being compliant. The biggest pitfall in cybersecurity programs is the “Checkbox Approach”. This is where the threats mentioned above are heard most often. While the checkbox approach can have specific rules to be followed, the guidelines are too generic to manage risks (identify, prioritize, and address them).

Assume the checklist includes a set of compliance requirements. Let’s look at examples of HIPAA requirements and how the checkbox approach can ensnare companies into spending blindly:

  1. First, let’s take the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Audit protocol (https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/protocol/index.html). It states "164.308(a): A covered entity or business associate must in accordance with 164.306: (1)(i) Implement policies and procedures to prevent, detect, contain, and correct security violations."
    Is there a magic number of policies that will meet the requirements of this statute? Developing a canned set of policies and procedures in an attempt to comply will waste time and may even harm the ability of employees to conduct business. The right number of policies is determined by creating a program based on the company's identified risks.
  2. HIPAA audit protocol states, "164.308(a)(1)(ii)(A): Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate."
    I have reviewed risk assessments for potential clients that are 20 lines long. The risk assessment recommended for that company would be over 50X that number to make competent decisions. Unfortunately, many companies want to check a box instead of accurately assessing risks and responses which would later guide their success.

Use A Risk Based Approach – Not a Checkbox for CyberSecurity

A checklist is not going to properly address risks. The ideal way to enable the business is to take a risk-based approach to your compliance needs, analyzing the areas specifically identified within the risk assessment.

This Risk Based process aids in achieving success and managing expectations. For each risk, companies can:

  1. accept the risk after exploring the actual threat to the business
  2. choose alternate corrective actions, or
  3. avoid the activity altogether

This Risk Based approach may often allow for the removal of expensive, partially implemented equipment and its replacement with more appropriate processes, saving the company large amounts of resources – money, frustration, and time. It removes the “do it or die” approach, which is both costly and ineffective. It will most certainly justify or eliminate the decision to buy a set of tools to achieve goals. Further, it will provide a clear and consistent progress report of improvement initiatives and decision making that can be used during a potential incident.

In both the long and short run, the checkbox approach is much more expensive than a risk-based program approach, which addresses each risk and its components instead of a generic list of to-dos. This enables the business to meet compliance and manage prioritized risks and places. Success of the business is at the center!

 

 


©2023 JTS Ventures, Inc., d/b/a JTS Health Partners (JTS), a United States entity. All rights reserved. The information contained herein is intended for general guidance only. No one should act upon such information without appropriate professional advice. JTS shall not be responsible for any loss whatsoever sustained by any organization or person who relies on this publication.