New guidance on when to notify authorities of a breach is one of the most significant provisions in the HIPAA omnibus final rule, experts say. Find out what other provisions are drawing attention.
ENISA, the European Union cyber-agency, is out with its first-ever Threat Landscape report. What are the emerging threats and vulnerabilities, and how should organizations globally respond to them?
The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster.
In the rush to allow personal devices to be used for work, we in application security neglected to examine thoroughly the new risks external applications may introduce to our organizations.
As part of the Obama adminstration's gun control efforts, HHS is reminding healthcare providers that HIPAA allows them to disclose patient health information to law enforcement if they believe the patient is a danger to themselves or to others.
Banking institutions have spent the last two years enhancing authentication to conform to regulatory mandates. Organizations in other sectors can learn important authentication lessons from the banking industry.
The failure to pass privacy legislation in the U.S. hasn't stopped regulatory agencies from taking matters into their own hands - a pattern that will continue throughout 2013, says a panel of attorneys.
The National Institute of Standards and Technology plans to develop platform options for secure health information exchange, especially among smaller providers. But how soon will the platforms be available?
In this week's breach roundup, British Columbia's health minister has confirmed personal health data for millions of individuals was accessed for research purposes without authorization, and a Canadian agency lost a device containing student loan information for almost 600,000.
The long overdue final HIPAA omnibus rule has been released. The package includes extensive modifications to the HIPAA privacy, security and enforcement rules as well as an updated version of the HIPAA breach notification rule.
Two new insider fraud cases showcase the challenges organizations face to detect and prevent crimes by trusted employees. "You need IT controls, but you need more than IT," says researcher Randy Trzeciak.
Commenters reacting to proposed HHS requirements for Stage 3 of the HITECH Act electronic health record incentive program raise a wide range of privacy and security concerns. Find out what the AMA and others had to say.
Smart phones that give many IT security managers headaches in developing security policies are being used in increasing numbers to help safeguard systems and applications, thanks to more muscular biometric features, says Steve Vinsik of Unisys.
Convenience is nice, but don't equate making work easier with productivity - especially to the tune of $28 billion a year for the U.S. federal government, which a just-released survey contends.
Following a breach, one healthcare organization banned the use of cell phones by volunteers. Was this a proactive measure or an overreaction? Kate Borten and other security experts offer analysis.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
