Why mere compliance increases risk

by Grant Elliott
October 03, 2013

 

In some cases, poor training is as bad as–if not worse than–no training it all, say John Schroeter and Tom Pendergast

By John Schroeter and Tom Pendergast
October 02, 2013 — The Department of Health and Human Services recently confirmed that a lack of training is a common cause of HIPAA compliance difficulties. But is that really such a surprise? Given the poor state of awareness training in many organizations, it’s no wonder that HIPAA violations are actually on the rise. The fact is, to achieve formal, “letter of the law” compliance, just about any form of training will do to “check the box.” But as we continue to see, bad training is, in the final analysis, practically equivalent to–or worse than–no training at all, and hence the disappointing results reported by HHS and by others who wonder why their compliance training fails.

Continue >>>
[/av_textblock]

[/av_one_full]
Tags:
Risk Management & Compliance
Post by Grant Elliott
October 3, 2013

Comments
The Complete Guide to SOC 2 Audits

Download the Complete Guide to SOC 2 Audits

Empower your people to be secure and prepare for your SOC 2 audit with confidence. Download the eBook now.