The reality of healthcare operations today includes oversight of an increasing volume of personal health information which must be protected. Although the protection of sensitive and personal data has always been good business strategy, implementation has often been tactical and managed by IT departments. Because of new laws, rules and contractual obligations, management needs to be more involved. Even as information privacy and protection objectives grow more critical and complex, they are also increasingly subject to scrutiny by both internal and external auditors.
Responding to the commercial threat of fraud and the private threat of identity theft, most economically advanced nations have now passed national privacy laws that govern the collection, use and disclosure of personally identifiable information (PII).