Hiring a full-time chief information security officer can be expensive for smaller hospitals and medical groups. But, its imperative to protect patient data because, smaller organizations face many of the same risks as larger systems do.

Cyber-security responsibility often falls to the CIO, the IT director, or even to some extent, the EHR vendor of a hospital, none of which are traditionally aligned with a cyber role.

Norma Krayem, senior policy advisor for Holland & Knight and chair of the Global Cybersecurity and Privacy Policy and Regulation Team said that all hospitals need to have an individual or entity that provides the position. The risk of not having a security officer is critical thus, hospitals can’t afford not having someone doing this job.

This reality has given rise to two options: tapping the expertise of a virtual CISO or outsourcing cyber-security to a managed provider.

Hospitals and medical groups having limited security resources have leadership options in managed care providers and virtual CISOs. Hospitals can bundle a scope of responsibilities into a managed contract.

Patient engagement and patient management have improved due to technology. But, hospitals and healthcare companies need to be vigilant while using various technologies.