Chief information security officers need to be able to translate technical projects into clear business terms, says Todd Fitzgerald, co-author of the book, "CISO Leadership Skills: Essential Principles for Success."
In an interview, Fitzgerald:
Describes the managerial skills that CISOs need;
Outlines how to...
The federal government's new list of major healthcare breaches is far too difficult to find. While the U.S. Department of Health and Human Services is living up to the letter of the law in posting the list deep within its Office for Civil Rights' Web site, it's sure making it difficult to reach the list.
The Office of the National Coordinator for Health Information Technology has posted a preliminary draft of its "Health IT Strategic Framework" that spells out, among other things, its proposed federal privacy and security strategies.
The American Hospital Association is calling on federal regulators to refine the "meaningful use" rule for the new Medicare and Medicaid electronic health records incentive program to make the security requirements more clear-cut.
The American Academy of Family Physicians has added its name to the list of organizations complaining about the proposed timeline for achieving the "meaningful use" criteria to qualify for federal EHR incentive payments.
Widespread implementation of encryption is a top priority at Stanford Hospital and Clinics, thanks, in large part, to the "safe harbor" in the HITECH breach notification rule, says Michael Mucha, information security officer.
He notes that organizations that use the proper form of encryption don't have to report...
A risk analysis should not be an annual event, but rather an ongoing process that's revisited whenever a healthcare organization adds or changes any application. That's the advice of Kenneth Bradberry, vice president and chief technology officer at ACS, a consulting firm recently acquired by Xerox.
In an interview...
UAB Health System in Birmingham, Ala., is tackling a long list of information security projects, including updating intrusion detection and prevention systems.
In an interview, Terrell Herzig, HIPAA security officer, outlines priority projects, including:
Expanding the use of encryption;
The man known as "Doctor HIPAA" for his extensive work crafting and implementing the HIPAA administrative simplification rules is hot and cold when it comes to the HITECH Act. William R. Braithwaite, M.D., Ph.D., likes HITECH's funding for electronic health records. But he's not too keen on the short compliance...
Under a proposed federal rule unveiled March 2, organizations designated to certify electronic health records software will assess the applications' security functionality but not require the use of specific security standards.
The three major regulations to support the electronic health records incentive program will be finalized by the end of spring, according to the team leader for the federal government's HITECH Act implementation effort.