Greenville Health System (GHS) is a public not-for-profit academic health system. Headquartered in Greenville, S.C., GHS has six medical campuses, five acute-care hospitals, and four specialty hospitals in addition to other facilities and practice sites. The organization has approximately 1,350 beds and revenue of approximately $1.8 billion.
The Problem
"As GHS continued to grow, we wanted to take a fresh look at information security throughout the enterprise," said CIO Rich Rogers. "We are aware of information security concerns in the industry and wanted to make sure the GHS security framework was up to date." GHS engaged Crowe Horwath LLP to provide a new perspective on GHS' information security, revise its information security strategy, and assist with executing that strategy.
The Solution
Information security cannot be addressed by focusing on a single component of the issue. In other words, information security is not a technology problem; it requires effective people, processes, and technology controls.Crowe isolated and managed controls by separating "governance" controls (policies and procedures, roles and responsibilities, and risk management) from operational "security domains" (regulatory compliance, data protection, logical and physical security, logging and monitoring, and management of business continuity, threats and vulnerabilities, employees, security configuration, security changes, and third-party risks). As a result, Crowe was able to 1) assess broad topics without redundant entity-level controls, such as overlapping policies, and 2) report the information security status in a snapshot.
The Result
Through the combined efforts of GHS and Crowe, information security awareness was elevated throughout the organization, including the information security function. As advised by Crowe, GHS also put additional information security initiatives in place related to HIPAA, meaningful use, and the Payment Card Industry Data Security Standard. These initiatives have had a positive impact on compliance and enhanced GHS' information security posture. Crowe continues to assist GHS with different aspects of information security, but GHS now has the tools and processes to maintain the efforts Crowe initiated—thus allowing GHS information security to mature while Crowe uses its resources in areas with the most impact on the organization.
To continue reading, become an ALM digital reader
Benefits include:
- Complimentary access to Consulting Magazine Online and digital edition
- Bi-monthly digital newsletter delivered to your inbox
- 1 free article* every 30 days to Consulting Magazine's sister publications
- Exclusive discounts on events and publications produced by ALM
Already have an account? Sign In
