Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising federal healthcare regulators, explains why she's frustrated by delays in rolling out new regulations to protect electronic health records and safeguard the exchange of patient information.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
One key reason why encryption isn't more widely used in healthcare is that some information technology specialists have outdated perceptions about the technology, contends security expert Melodi Mosely Gates.
The bring-your-own-device trend is increasing, but work-place policies are not. ISACA's Ken Vander Wal says low employee awareness and the absence of any BYOD policy are to blame. So what can organizations do to fill their security gaps?
Contra Costa County, Calif., has sent out notification letters to residents whose names were referenced in a public document posted to the county's website regarding debts owed to the Health Services Department.
The draft legislation would have the Department of Homeland Security conduct risk assessments on critical national IT systems and lead efforts to adopt use of new technologies and practices to keep pace with emerging cyberthreats.