A laptop stolen from an employee of Accretive Health last year was not encrypted "due to the oversight of an individual IT employee," the company says in a 29-page comment letter sent to Sen. Al Franken, D-Minn. That employee subsequently was fired, the company reports.
A new guide from federal regulators on key privacy and security issues to address when adopting electronic health records is valuable. But additional guidance on risk assessments and other issues is needed.
Federal regulators have received hundreds of comments about proposed rules for Stage 2 of the HITECH Act EHR incentive program, sparking debate on many issues, including how to provide patients with prompt, secure access to their records.
Americans express a bit less anxiety about their security than they felt a year ago, perhaps because they've become desensitized by extensive news reports about cyberattacks last spring, says Unisys' Steve Vinsik.
Post-breach, organizations must have a full grasp on what happened - and convey that message consistently. Too often, that's not the case, says attorney Ronald Raether. What steps must organizations take?