NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.
To meet the HITECH Act electronic health record incentive program's upcoming requirements for health information exchange, providers will need to use security best practices. David Kibbe, M.D., of DirectTrust, explains how his group is fostering those practices.
In the aftermath of a massive health data breach last year and a smaller incident this year, the state of Utah is taking a number of steps, including creating a data security office within the health department.
For the second straight quarter, U.S. government statistics indicate that unemployment exists within the IT security profession. But even the government doesn't consider its numbers gospel.
Two organizations have received federal funding to support projects, including development of security best practices, designed to pave the way for nationwide health information exchange. Claudia Williams of ONC describes the goals.
What's the cost to an organization when it suffers a security breach and breaks trust with its own customers? Jeff Hudson, CEO of Venafi, presents results of a new survey on the cost of failed trust.
An advisory panel is outlining how to address privacy and security issues involved in the exchange of patient information among healthcare providers using the query and response method. How will the recommendations be put to use?
Smaller healthcare organizations with limited resources will find HIPAA Omnibus Rule compliance preparation particularly challenging. But experts point to useful online resources and offer tips.
The federal HIPAA compliance audit program won't resume until this fall at the soonest, says Susan McAndrew of the HHS Office for Civil Rights. She describes specific steps that organizations can take to prepare.
Extortionists employing telephony-denial-of-service attacks - a close relative to distributed-denial-of-service attacks - are targeting emergency communications centers that dispatch first responders.
Intel has added privacy to the portfolio of its top information security executive, Malcolm Harkins, who says too many information security professionals are "color blind or tone deaf" to privacy, wrongly thinking strong data protection provides privacy safeguards.
The FTC puts the onus on application developers to protect their organization's sensitive data by mandating the use of "reasonable" data security practices. What does this mandate mean in practice?
As hospitals and clinics plow ahead with their HIPAA Omnibus Rule compliance efforts, they should also remind patients to be careful when communicating their own health information. A clinical psychologist offers practical insights.
The health advocacy group Genetic Alliance on April 5 will unveil a registry designed to enable patients to control how health information is shared with researchers. Spokesman Greg Biggers discusses privacy measures.
Getting inspectors general and agencies' IT security heads to agree on how best to evaluate information security should strengthen U.S. federal government agencies' risk management frameworks, say former OMB leaders Karen Evans and Franklin Reeder.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
