A crash course in GRC for the healthcare industry

Healthcare facilities must take the time to ensure that all employees are educated on governance, risk and compliance (GRC) when it comes to information security

By Matt Kunkel / Special to Healthcare Facilities Today

The healthcare industry is constantly bombarded by thieves looking to monetize private data. For this reason, healthcare organizations have shifted their focus to information security. Beyond patient safety and privacy, patient care is also impacted by the effects of data breaches. If healthcare organizations don’t want to risk their patients’ trust, the industry must take the time to ensure that all employees are educated on governance, risk, and compliance within its organizations.

After reviewing the more than 2,000 data breaches that were reported to the Department of Health and Human Services between 2010 and 2017, researchers at the Massachusetts General Hospital Center for Quantitative Health uncovered that with the exception of 2015, the number of breaches increased each year. While the media focuses on the short-term effects of a data breach, healthcare organizations and executives are focused on the long-term effects of what a breach could mean for the public perception of their brand. The American Journal of Managed Care reported that hospitals spend 64 percent more annually on advertising after a breach over the course of two years. The report goes on to share, “Advertising costs subsequent to a breach are another cost to the healthcare system that could be avoided with better data security.”

Rather than constantly playing defense with patient data, healthcare organizations need to take advantage of easy-to-implement GRC solutions that can help them plan ahead for potential threats. Below, I’ve put together several benefits that GRC platforms provide healthcare organizations.

Securing patient data

In September of 2018, more than 2.65 million Atrium Health patients’ data was breached for a week-long period. Unfortunately, the provider’s billing vendor was the source of the attack, highlighting the risk companies take when partnering with third parties. The breach allowed hackers to view records that included names, addresses, birthdates, billing details and more.

Medical information hasn’t always been at risk of being breached. Before the advancement of technology, written records were stored in locked file cabinets. Fast forward to the present day, and platforms can digitize medical records, making processes more efficient and saving providers time. While these advancements have had a positive effect on the healthcare industry, they have also created an environment where data leaks and breaches are common. Thankfully, the healthcare industry is not alone when it comes to mitigating risk. New tools, such as GRC software, help healthcare risk managers maintain visibility across the organization in the event of a breach and allow them to define protocols, design risk processes, and mitigate IT threats.

Remain compliant with regulations

Healthcare organizations have a lot to protect and maintain when it comes to patient data and the multitude of regulations that they must comply with. GRC solutions help healthcare risk managers manage compliance with easy-to-use workflows that create efficiencies and allow for easy deployment of regulatory business processes across an organization.

More focus on patient care

While the advancement of technology helps healthcare organizations become more efficient and better assist patient care, it also leaves them at higher risk of having data stolen or mishandled. With this in mind, healthcare risk managers take on the pressure and responsibility of protecting the data of an entire organization, its patients and its vendors. However, this can’t take priority over the ultimate mission of healthcare organizations: patient care.

By implementing a GRC solution, healthcare risk managers can avoid errors, improve training and introduce more accountability into risk-management operations. If your healthcare organization begins to consider a GRC solution, be sure that the software has automation within the platform. With the help of automation, predefined rules can reduce human error and built-in, automatic reminders help keep team members accountable. Having a GRC solution allows employees that interface with the patient experience to focus on the patient, rather than worry about the minutiae of compliance and risk mitigation.

Patient care, safeguarding patient data and staff following policies and procedures all lead to the success of a healthcare organization. Rather than depending on spreadsheets or pen and paper, healthcare organizations need to consider agile GRC solutions that can help them maintain a culture of risk without sacrificing patient care.

Matt Kunkel is the co-founder and CEO of LogicGate.



February 15, 2019

Topic Area: Security
