To ensure the security of sensitive patient information, healthcare organizations need to build a long-term user authentication strategy that creates a comprehensive framework, says Sam Curry, chief technologist at RSA.
Creating a new risk assessment framework for breach notification is among the steps the Cleveland Clinic is taking to comply with the HIPAA Omnibus Rule. Find out other components of the organization's compliance strategy.
NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.
To meet the HITECH Act electronic health record incentive program's upcoming requirements for health information exchange, providers will need to use security best practices. David Kibbe, M.D., of DirectTrust, explains how his group is fostering those practices.
In the aftermath of a massive health data breach last year and a smaller incident this year, the state of Utah is taking a number of steps, including creating a data security office within the health department.
Kaspersky Lab has identified a new spear-phishing attack involving a Trojan designed to target Android devices. Researcher Kurt Baumgartner says organizations need to be prepared for more mobile malware attacks.
Two organizations have received federal funding to support projects, including development of security best practices, designed to pave the way for nationwide health information exchange. Claudia Williams of ONC describes the goals.
An advisory panel is outlining how to address privacy and security issues involved in the exchange of patient information among healthcare providers using the query and response method. How will the recommendations be put to use?
The federal HIPAA compliance audit program won't resume until this fall at the soonest, says Susan McAndrew of the HHS Office for Civil Rights. She describes specific steps that organizations can take to prepare.