An important aspect of HIPAA Omnibus Rule compliance for covered entities as well as business associates and their subcontractors is policing what privacy attorney Gerard Stegmaier calls "the data supply chain."
Keeping risk assessment documentation and other compliance evidence in a centralized repository is a good way to prepare for any HIPAA audit or investigation, says Mark Dill, Cleveland Clinic's security leader.
Today's advanced threats are no secret. Focusing the correct resources on them is the true challenge, says Will Irace of General Dynamics Fidelis Cybersecurity Solutions. He offers tips for harnessing the right skills and technology.
As new state health insurance exchanges gear up for open enrollment Oct. 1, privacy expert Chris Rasmussen asks whether regulators will miss the deadline for a risk analysis of a key data services hub.
Bruce McConnell, who just stepped down as one of the federal government's top cybersecurity policymakers, says he understands why some lawmakers don't trust DHS with significant authority to safeguard government IT.
When it comes to the impending Sept. 23 HIPAA Omnibus enforcement deadline, many smaller organizations are making serious progress - or seriously procrastinating, says compliance expert Margie Satinsky.
Though others deemed Bruce McConnell as one of the government's most innovative security thought-leaders, he says his vision of how best to secure IT evolved during his just-ended 4-year tenure at DHS as a senior cybersecurity policymaker.
It's an increasingly common question from CEOs. "How is our security program protecting the business?" Pamela Gupta of OutSecure shares insight on what CISOs should demonstrate when they answer that question.
The best ideas to secure the Internet do not come from the top-down government approach imposed by some foreign governments, but from the openness derived by a multi-stakeholder process, says Christopher Painter, America's top cyber diplomat.
The hotline, the communications link established between Washington and Moscow during the Cold War to avert a nuclear war, is being used to warn of potential cyber and environmental crises, the State Department's Christopher Painter says.
As Riverside Medical Center in Illinois prepares for HIPAA Omnibus Rule compliance, it's facing push-back from some business associates about new requirements, says Erik Devine, chief security officer.
After organizations update their policies and procedures to comply with the new breach notification requirements of HIPAA Omnibus, they must thoroughly test their response plans, attorney Ellen Giblin stresses.