HIPAA regulations—and the mindset they have inspired for information security—can no longer be the standard on which a healthcare information security program is built.
The philosophy spawned from the compliance mentality toward information security, in too many instances, has resulted in an attitude of complacency and “Good Enough” is enough. It is behavior modeled on a checklist approach that ends with “completion of the required checklist and is considered ‘Good Enough’ security.”
