§391 SGB V, §393 SGB V, B3S, NIS-2-Umsetzungsgesetz, C5-Testate, New IDW Standards…
Well, as a healthcare facility manager, is your head already pounding with all the specifications, guidelines, laws, etc.?
Two important warm-up questions:
- Do you know that you need to do something about information security, but not how? Very well.
- You think that information security is just a technical aspect of IT and you have no idea about it? Not so good.
In several episodes, we would like to show you how to get started with the topic of information security and how to take the first steps, even if you are not familiar with the technology. The following articles cannot, of course, provide a complete overview, but are about how you can approach the topic of “information security” in a simple way.
Let’s start with some basics.
The term information security, as the word suggests, has something to do with information. The word information also includes, but is not limited to, systems for processing digital information. Information security is about every form of information that is generated or processed in the context of your company. This includes conversations in the elevator as well as documents on desks (and in cabinets) or rights to access databases. Information is the economic basis of a company, especially in the healthcare sector.
Security in this context means that information
- is confidential, i.e. is only made accessible to authorized persons,
- is and remains authentic, i.e. changes are either not possible or can be traced at any time,
- is available, i.e. is protected against loss and destruction or can be restored in the event of a fault.
After all, information is essential for the high-quality treatment of your patients, especially in the healthcare sector.
And now we come to the first step – a small task for you:
“I (i.e. you) would like to ensure that information is protected in the best possible way for the benefit of my company and for the benefit of the patients who place their trust in us!”
If you can credibly say this to yourself in front of the mirror, then you have taken the first important step!
If you haven’t managed to do this well yet, or you don’t feel you have, imagine that the IT in your company is switched off for, let’s say, two weeks.
The impact would be very serious, right?
The next, equally elementary step follows immediately. You formulate the protection of all information for yourself and the company as a manifesto, as a so-called information security policy.
Sounds complicated?
Don’t worry – before you do, we’ll give you a few more insights into how to organize the whole thing in the next episode.
After all, you don’t have to and shouldn’t do it alone.
Click here to go directly to Information Security Part 2: The Organization.