Federal advisers are considering options for reinforcing the importance of risk assessments in the rules for Stage 3 of the HITECH Act's incentive program for electronic health records.
How can smaller healthcare organizations determine whether a vendor is a business associate or subcontractor directly liable for compliance under the new HIPAA Omnibus Rule? Regulatory expert Marjorie Satinsky explains.
The HIPAA Omnibus Rule streamlines the process of obtaining patients' permission for use of their information in medical research projects. Privacy attorney Adam Greene sorts through the details.
Consumer advocate Deven McGraw says many provisions in the HIPAA Omnibus Rule, including better breach notification guidance and expansion of HIPAA liability to business associates, will provide substantial benefits to patients.
A $400,000 federal penalty stemming from the investigation of a breach at a clinic owned by Idaho State University is the latest example of how even relatively small security incidents can trigger hefty sanctions.
When it resumes, the HIPAA compliance audit program will be more focused in terms of what's evaluated but will encompass a broader range of organizations, says Verne Rinker of the HHS Office for Civil Rights.
A federal advisory panel will develop standards for secure health information exchange, including how to maintain the integrity of health data as it's downloaded and transmitted by patients.
A conference hosted by the HHS Office for Civil Rights and the National Institute of Standards and Technology will provide insights on HIPAA Omnibus Rule compliance as well as other hot health data security topics.
As CIOs are asked to assemble more data to demonstrate their organization is providing high-quality care at a lower cost, their role in ensuring privacy and security is evolving, says technology specialist Harry Greenspun, M.D.
A privacy dispute has erupted between the city's public health officials and first responders in the wake of the Boston marathon bombing. Find out what's being debated.
Encryption is an important breach prevention tool. But to make the right decisions about how to apply encryption, healthcare organizations should take four specific steps, says security expert Feisal Nanji.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.
Getting buy-in for information security spending from those who hold the purse strings can be tricky unless risks are properly assessed and articulated. See how some healthcare security leaders tackle the budget challenge.
If healthcare providers rely on the Direct protocol to meet HITECH Act Stage 2 data exchange requirements, how will that affect the fate of health information exchange organizations? Find out what some HIE experts think.
Security specialist David Newell outlines common pitfalls healthcare organizations need to avoid when conducting a risk analysis - such as focusing on an insufficient, narrow HIPAA compliance assessment.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.