New York state residents soon will be able to use a health information exchange's portal to securely access all their records, rather than having to gain access from providers one-by-one, explains HIE leader David Whitlinger.
Healthcare organizations need to assess and mitigate security risks for medical devices just as diligently as they do for other information technology, says Sharon Finney, data security leader at 44-hospital Adventist Health System.
Attacks aimed at mobile devices are progressing much more rapidly than any attacks ever waged against PCs. Organizations are in danger if they don't pay attention, says anti-phishing expert Dave Jevans.
Healthcare organizations need to more closely monitor how staff members access patient information to minimize "insider threats" that could compromise privacy or lead to fraud, says security consultant Mac McMillan.
Consumer advocate Deven McGraw says many provisions in the HIPAA Omnibus Rule, including better breach notification guidance and expansion of HIPAA liability to business associates, will provide substantial benefits to patients.
In 2012, ExperianÂ® Data Breach Resolution dealt with 1700 breaches - 800 of them in the healthcare sector. What are the common gaps for organizations looking to comply with new HIPAA Omnibus standards?
When it resumes, the HIPAA compliance audit program will be more focused in terms of what's evaluated but will encompass a broader range of organizations, says Verne Rinker of the HHS Office for Civil Rights.
Maintaining accurate logs of systems' activities is crucial in helping catch insiders who threaten an organization's digital assets, says George Silowash, co-author of the Common Sense Guide to Mitigating Insider Threats.
Under the HIPAA Omnibus Rule, security incidents are presumed to be reportable data breaches unless healthcare organizations demonstrate through a four-factor assessment that risks are low, explains privacy expert Kate Borten.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.