Although many healthcare organizations are making broader use of encryption, they're typically taking a "wait and see" approach to encrypting their clinical databases, citing serious concerns about an adverse impact on performance.
Two consultants, however, argue that hospitals and clinics can apply encryption on...
When it comes to protecting your organization and your customers from a data breach, what is considered "reasonable security?"
This question is at the center of several ongoing lawsuits, and how the courts answer it may be one of the biggest stories of 2010.
Shedding light on this hot topic is David Navetta,...
A coalition of 21 consumer groups and unions is calling on federal regulators to beef up and clarify information security provisions in the proposed "meaningful use" rule for the federal electronic health record incentive program
A risk analysis should not be an annual event, but rather an ongoing process that's revisited whenever a healthcare organization adds or changes any application. That's the advice of Kenneth Bradberry, vice president and chief technology officer at ACS, a consulting firm recently acquired by Xerox.
The Healthcare Information and Management Systems Society is asking federal regulators to be much more specific about the information security requirements within the proposed "meaningful use" rule for the electronic health record incentive payment program.
The Medical Group Management Association and the American Medical Association offer very different assessments of the proposed security provisions in the "meaningful use" rule for the federal electronic health record incentive program.
Building public trust, as called for under a draft of a federal "Health IT Strategic Framework," will require educating healthcare organizations on security compliance as well as tough enforcement of federal regulations, experts say.
The first draft of the framework correctly points out that public trust is vital...
UAB Health System in Birmingham, Ala., is tackling a long list of risk management projects, including updating intrusion detection and prevention systems.
In an interview, Terrell Herzig, HIPAA security officer, outlines priority projects and key lessons learned, including:
Expanding the use of...
Michael Frederick, chief information security officer at Baylor Healthcare System in Dallas, is using the HITRUST Common Security Framework to help ease the task of complying with multiple regulations.
Hospitals preparing for a potential government audit of their HIPAA security rule compliance should "build a continual state of readiness," says David Wiseman, information security manager at Saint Luke's Health System, Kansas City, Mo.