Preliminary results of our inaugural Healthcare Information Security Today survey, which is still open for participation, show that only about half of healthcare organizations have a plan in place to comply with the HITECH Act breach notification rule.
"This kind of problem happens to everybody," says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe he's right. Perhaps this kind of problem does happen to everyone. But should it?
Some physician group practices that already have an electronic health record system are playing a game of "hurry up and wait" when it comes to qualifying for HITECH Act EHR incentive payments and bringing their security plans up to date.
When a database breach occurs, consumer notification continues to be a public problem, and it's time for the federal government to step in, says Linda Foley, co-founder of the non-profit Identity Theft Resource Center.
When the HITECH Act was enacted early in 2009, much was made of its provisions calling for tougher enforcement of the HIPAA privacy and security rules. But we're still waiting for ramped-up enforcement to begin.