Susan McAndrew of the HHS Office for Civil Rights provides insights about an omnibus package of regulations - including a revised version of the HIPAA breach notification rule - that's now in the final stages of review.
The UK has announced the first fine against a National Health Service unit for a breach in violation of the Data Protection Act. The Aneurin Bevan Health Board in Wales was fined Â£70,000 by the Information Commissioner's Office for sending sensitive patient information to the wrong person.
Accretive Health Inc., a Chicago-based medical debt collection agency, has filed a motion to dismiss the Minnesota attorney general's lawsuit against the company that stems, in part, from a data breach incident involving a stolen unencrypted laptop.
New federal privacy and security guidance for health information exchanges
provides a good framework, but the recommendations will need to be phased in over time, says the director of a statewide HIE initiative in Indiana.
Among the provisions of the Federal Information Security Amendments Act, approved by a voice vote, is a requirement that agencies implement continuous monitoring of their IT systems to identify vulnerabilities before a cyber incident occurs.
Though not perfect, says House Cybersecurity Co-Chair Jim Langevin, D-R.I., "CISPA represents an important good-faith effort to come together as a necessary first step toward better cybersecurity for our nation."
The new HITRUST Cybersecurity Incident Response and Coordination Center is an excellent concept. But will the collaborators be able to achieve their lofty goals of identifying and helping thwart hacker attacks?