A conference hosted by the HHS Office for Civil Rights and the National Institute of Standards and Technology will provide insights on HIPAA Omnibus Rule compliance as well as other hot health data security topics.
As CIOs are asked to assemble more data to demonstrate their organization is providing high-quality care at a lower cost, their role in ensuring privacy and security is evolving, says technology specialist Harry Greenspun, M.D.
Providers of technologies employees acquire through unconventional channels that could bypass their employers' supply-chain controls are known as "shadow suppliers." Here's why you should care about them.
Encryption is an important breach prevention tool. But to make the right decisions about how to apply encryption, healthcare organizations should take four specific steps, says security expert Feisal Nanji.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.
Ronald Sanders says it isn't easy to answer the question of whether the information security field should be professionalized. The former human capital officer at the Office of the Director of National Intelligence explains why.
Getting buy-in for information security spending from those who hold the purse strings can be tricky unless risks are properly assessed and articulated. See how some healthcare security leaders tackle the budget challenge.
If healthcare providers rely on the Direct protocol to meet HITECH Act Stage 2 data exchange requirements, how will that affect the fate of health information exchange organizations? Find out what some HIE experts think.
CERT Technical Manager Dawn Cappelli tells a tale of how three individuals, who unexpectedly quit their jobs at a law firm, used a free cloud service to sabotage files containing proprietary client information from their former employer.
Security specialist David Newell outlines common pitfalls healthcare organizations need to avoid when conducting a risk analysis - such as focusing on an insufficient, narrow HIPAA compliance assessment.
A key difference between state-sponsored espionage and organized criminals or hacktivists is the level of persistence and determination to break through defenses. Here's advice from security experts on defending against nation-state attacks.