Widespread implementation of encryption is a top priority at Stanford Hospital and Clinics, thanks, in large part, to the "safe harbor" in the HITECH breach notification rule, says Michael Mucha, information security officer.
He notes that organizations that use the proper form of encryption don't have to report...
A risk analysis should not be an annual event, but rather an ongoing process that's revisited whenever a healthcare organization adds or changes any application. That's the advice of Kenneth Bradberry, vice president and chief technology officer at ACS, a consulting firm recently acquired by Xerox.
In an interview...
Hospital boards of directors are just beginning to realize the size and scope of the information security regulatory compliance tasks their organizations must complete, one consultant contends.
To prepare for a potential government audit of their HIPAA security rule compliance, hospitals should have a detailed information security plan and be able to prove they're carrying it out.
Hospitals preparing for a potential government audit of their HIPAA security rule compliance should "build a continual state of readiness," says David Wiseman, information security manager at Saint Luke's Health System, Kansas City, Mo.
To be fully prepared, Wiseman says hospitals should:
Conduct a HIPAA...
Sitting in an all-day security workshop at the HIMSS Conference in Atlanta Feb. 28 provided me with a good education about what's on the minds of security leaders. For example, one member of the audience said it was a "huge challenge" to ensure that when an employee is fired, their password is promptly deactivated so...
Four small, rural hospitals in Texas have come up with a clever way to help each other implement electronic health records, as well as securely exchange patient information.
Choosing the right form of encryption is essential when attempting to comply with the HITECH Act, says consultant Rebecca Herold.
In an interview, Herold:
Stresses that healthcare organizations can gain an exemption from the HITECH requirement to report data breaches only if they use specific NIST-approved...
Faced with the threat of much stiffer penalties for data security violations and ramped-up enforcement at the federal and state levels, many hospitals are just starting to pay serious attention to security, contends security consultant Kate Borten. But they must go far beyond investing in new technologies to develop...
To make sure their information technology strategies adequately address the needs of physicians, many hospitals have designated a doctor to serve as chief medical informatics officer. These physicians are working closely with CIOs, CSOs and others to help select and implement I.T., including technologies to keep...
How do CIOs at community hospitals, which have limited resources, address data security challenges, such as compliance with the privacy and security provisions of the HITECH Act?
Charles Christian, CIO at Good Samaritan Hospital in Vincennes, Ind., also serves as the defacto chief security officer, dividing up...
In 10 years as a security compliance officer, Christopher Paidhrin has seen his role broaden as information security has become an even higher priority at Southwest Washington Medical Center in Vancouver, Wash.
Today, Paidhrin is more involved in policy development. He's also pushing to improve awareness of the...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.