Widespread implementation of encryption is a top priority at Stanford Hospital and Clinics, thanks, in large part, to the "safe harbor" in the HITECH breach notification rule, says Michael Mucha, information security officer.
He notes that organizations that use the proper form of encryption don't have to report...
A risk analysis should not be an annual event, but rather an ongoing process that's revisited whenever a healthcare organization adds or changes any application. That's the advice of Kenneth Bradberry, vice president and chief technology officer at ACS, a consulting firm recently acquired by Xerox.
In an interview...
UAB Health System in Birmingham, Ala., is tackling a long list of information security projects, including updating intrusion detection and prevention systems.
In an interview, Terrell Herzig, HIPAA security officer, outlines priority projects, including:
Expanding the use of encryption;
The man known as "Doctor HIPAA" for his extensive work crafting and implementing the HIPAA administrative simplification rules is hot and cold when it comes to the HITECH Act. William R. Braithwaite, M.D., Ph.D., likes HITECH's funding for electronic health records. But he's not too keen on the short compliance...
Under a proposed federal rule unveiled March 2, organizations designated to certify electronic health records software will assess the applications' security functionality but not require the use of specific security standards.
The three major regulations to support the electronic health records incentive program will be finalized by the end of spring, according to the team leader for the federal government's HITECH Act implementation effort.
Accounting for who has viewed a patient's electronic health record "is the single most difficult security requirement to figure out" in the HITECH Act. That's the conclusion of Lisa Gallagher, senior director for privacy and security at the Healthcare Information and Management Systems Society.
Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.