“The reality is that all compliance (frameworks), whether they are industry compliance requirements, federal or even international requirements, all of these are baseline standards and you have to think of compliance as the basement of where your security starts,” Randall Gamby, a founding member of Wisegate and information security officer at the Medicaid Information Service Center of New York, told SIW in an interview last year. “You have to make sure that you secure the compliance stuff and then you have to look at the other information that doesn’t fall underneath the regulation so you can secure that as well.”
Ohlhausen also pointed out that not all data breaches are the result of lax IT security safeguards and cited a case the agency brought against a major pharmacy chain that was found to be throwing patients’ prescription drug information in a dumpster. “I don’t think we needed a rule that said, ‘hey, don’t take people’s medical records and put them out back in the dumpster.’”
Time will tell whether, and to what degree, lawmakers take action on this front, but there is perhaps more momentum now for federal legislation than at any point over the past several years. With the proliferation of the Internet-of-Things and more and more devices becoming Internet-enabled by the day, this issue is unlikely to go away anytime soon.