IT security practitioners should understand why the bits, bytes and network connections - the technologies - are important to their organization's goals. Ignorance of the mission, for IT security folks, isn't bliss.
The nation's new chief HIPAA enforcer views the protection of privacy as an important way to help ensure patients have access to care. And his passion about the issue means you can expect HIPAA enforcement efforts to intensify in the months ahead.
Ineffective or noncompliant security practices of service providers, the inability of customers to examine controls, the prospect of data leakage and the loss of data if a cloud service is terminated present challenges.
Security incidents reported over the past five years have placed the confidentiality, integrity and availability of sensitive government information and information systems at risk, an annual GAO review reveals.
While it's good to see more privacy and security details included in the final version of the Federal Health IT Strategic Plan, much work remains to ensure patient information is protected when it's exchanged.
Whether you're preparing for the upcoming HIPAA compliance audits, pondering a move to cloud computing or developing a social media policy, it pays to get privacy and security tips from experts in the field.
"The lack of individual accountability over user accounts provides ample opportunities to conceal malicious activity such as theft or misuse of veteran data," VA Assistant Inspector General Belinda Finn says.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.
"Our ability to provide immediate response to vulnerabilities and threats ... is quickly establishing VA as a model of excellence for the rest of the federal government."
VA CIO Roger Baker says in testimony before a House panel.