Healthcare organizations need to improve the methods they use to objectively assess the severity of a security incident and whether it should be reported to comply with the HITECH Act's breach notification rule, one privacy officer says.
"Signatures are not going to be the way of the future because we don't have time to put a name or a pattern on enemy behaviors and pass it out and block it," says Phyllis Schneck, McAfee chief technology officer/public sector.
In the year since the breach notification rule for personal health records took effect, no major breaches affecting 500 or more individuals have been reported, according to the Federal Trade Commission.
For the second time in recent weeks, organizations with ties to the Mayo Clinic have announced staff firings as a result of inappropriate access to confidential personal health information.
Healthcare organizations need to improve the methods they use to objectively assess the severity of a security incident and whether it should be reported, says David Parks, a privacy officer and attorney.
When it comes to managing relationships with business associates to help with HITECH Act compliance, healthcare organizations could learn some lessons from the banking industry.
New York-Presbyterian Hospital/Columbia University Medical Center says a security breach may have exposed information on 6,800 patients on the Internet in July.
Kevin Johnson, SANS instructor and security expert, on what you need to know about Stuxnet, Twitter worms and other new threats to organizations and privacy.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.