Federal officials should offer detailed guidance on how to conduct a "risk of harm" assessment to comply with the HITECH Act Breach Notification Rule, says Harry Rhodes, director of practice leadership at the American Health Information Management Association.
"It's not enough to know the architecture of the breach system," says Michael Aisenberg of MITRE Corp. "Leaders have to understand the different jurisdiction of where they do business, where their customers are and which breach law applies."
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.
Farzad Mostashari, who heads the Office of the National Coordinator for Health IT, has described why electronic health records play an important role in disaster preparedness.
A total of 11 million Americans have been affected by major health information breaches since September 2009. So far in 2011, 2.7 million have been affected by 32 incidents.
Authorities charged Ryan Cleary with distributed denial of service attacks on a British law enforcement agency that LulzSec claimed it hacked on Monday. Police also charged the suspect with attacks claimed by the group Anonymous against two music industry sites last fall.
The arrest followed an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.
Facebook's facial recognition feature clearly impacts the privacy profession and workplace by creating new challenges and raising significant concerns on the issue of trust.
The California Supreme Court has ruled that a key provision of a tough state medical privacy law is not preempted by federal regulations. The evolving case, which eventually could wind up before the U.S. Supreme Court or grow into a class action case at the state level, is worth watching.
Not all shootings, fires and accidents are of equal import, regardless of the dramatic visuals they may produce. The same can be said about information security breaches.
Working with business associates to prevent health information breaches requires far more than writing detailed contract terms on privacy and security, says regulatory expert Christopher Hourihan.
Security consultant Rebecca Herold says that although the proposed Accounting of Disclosures rule poses challenges, it would provide patients with useful information about who accesses their records.
Recent hacks have uncovered security vulnerabilities that should have been addressed years ago. "These attacks are going to escalate," says Josh Corman of The 451 Group. But organizations can implement basic steps to make the hackers' job harder.
An unencrypted laptop computer that's missing from the United Kingdom's National Health Service North Central London health authority contained information on 8.63 million people, according to a report on The Sun newspaper's website.