The New York eHealth Collaborative is developing a national provider directory to ensure that electronic queries for patient data go to the right place and privacy is protected, says the group's leader, David Whitlinger.
Two insiders at healthcare facilities affiliated with the University of Florida have been arrested in ID theft cases. The breaches were part of a broader ID theft ring, authorities allege, and more arrests are pending.
The Obama administration's proposed budget for HHS includes a hefty increase in funding for the office that runs the HITECH electronic health record incentive program and a smaller budget hike for the HIPAA enforcement unit.
The SEC in 2011 issued staff guidance on disclosure obligations regarding cyber-risks and incidents. Now, Senate Commerce Committee Chairman Jay Rockefeller wants the SEC commissioners themselves to provide the guidance.
An administration spokeswoman says a House committee has made a good-faith effort to address White House concerns about the information-sharing bill, but contends fundamental priorities still haven't been addressed.
To prevent data breaches, healthcare organizations are taking a number of critical steps, including ramping up their use of encryption, the second annual Healthcare Information Security Today Survey shows.
The advocacy group Patient Privacy Rights has co-developed a "trust framework" that IT vendors and their clients can use to help measure compliance with privacy principles. But will it prove practical?
To ensure the security of sensitive patient information, healthcare organizations need to build a long-term user authentication strategy that creates a comprehensive framework, says Sam Curry, chief technologist at RSA.
Creating a new risk assessment framework for breach notification is among the steps the Cleveland Clinic is taking to comply with the HIPAA Omnibus Rule. Find out other components of the organization's compliance strategy.
NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.
To meet the HITECH Act electronic health record incentive program's upcoming requirements for health information exchange, providers will need to use security best practices. David Kibbe, M.D., of DirectTrust, explains how his group is fostering those practices.
In the aftermath of a massive health data breach last year and a smaller incident this year, the state of Utah is taking a number of steps, including creating a data security office within the health department.
Kaspersky Lab has identified a new spear-phishing attack involving a Trojan designed to target Android devices. Researcher Kurt Baumgartner says organizations need to be prepared for more mobile malware attacks.