From an IT perspective, the healthcare industry has plunged into a new age. There has never been a greater emphasis on the implementation of, and reliance on, transformative new technologies that are delivering promising breakthroughs in patient care, operating efficiencies and organizational performance. Sensitive healthcare data is being accessed and used in numerous new ways.
This change is fueling historic innovation. At the same time, it is exposing healthcare organizations to new challenges and risks. Chief among these is cybersecurity.
While healthcare internal audit functions absolutely need to address cybersecurity issues, they must do so while juggling many other priorities whose number and nature continue to shift due to the ongoing digital transformation, new regulatory requirements and a volatile marketplace.
The results of the 2015 Internal Audit Capabilities and Needs Survey of Healthcare Provider Organizations from AHIA and Protiviti shed light on the ways in which CAEs and internal audit professionals are performing this strategic juggling act while providing assurance across an ever-increasing number of risk areas. Our results indicate that healthcare internal audit functions are focusing their attention and resources in five key areas:
1. Cybersecurity risks and practices
2. Regulatory compliance
3. Supporting, enabling and protecting the digital enterprise
4. Addressing fraud risks
5. Multi-stakeholder collaboration