To ensure their business associates have conducted a thorough risk assessment and other HIPAA compliance tasks, covered entities must have a solid vendor management program in place, says security expert Mac McMillan.
The next round of HIPAA compliance audits by federal regulators are likely to focus on three key areas, says compliance expert David Holtzman, who until recently worked at the agency that enforces HIPAA.
When it comes to building a breach response team, too many healthcare organizations use a "volunteer firefighter model," taking inadequate steps to prepare for incidents, says security expert Brian Evans.
In the wake of the Target breach, the University of Pittsburgh Medical Center has ramped up Internet monitoring to detect early if the organization is a target for attacks, says John Houston, UPMC's security and privacy leader.
Getting the healthcare sector prepared for new and emerging cybersecurity threats is a new focus this year for the Office of the National Coordinator for Health IT, says its chief privacy officer, Joy Pritts.
The Department of Health and Human Services is taking the first steps toward resuming the HIPAA compliance audit program this year, examining business associates as well as covered entities. Find out what's planned.
The HIMSS 2014 Conference, to be held Feb. 23 to 27 in Orlando, will feature an impressive lineup of privacy and security educational content, plus updates from federal regulators. Check out the highlights.