The lack of uniformity in federal and state privacy and security requirements is creating major challenges for health information managers attempting to comply, says Lynne Thomas Gordon, the new CEO of the American Health Information Management Association.
Every organization likes its business continuity/disaster recovery plan before a disaster, says Al Berman of DRI International. But in the aftermath? Different story - and one that must be addressed in 2012.
Smaller hospitals and clinics soon will get some extra guidance from federal regulators about preparing risk assessments. But a federal advisory group has urged the Department of Health and Human Services to offer far more guidance on a variety of information security issues.
With many questions left unanswered regarding comprehensive cybersecurity legislation, the future seems bleak. But there's hope, says Jacob Olcott, a former top Capitol Hill staffer on cybersecurity matters.
Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising federal healthcare regulators, explains why she's frustrated by delays in rolling out new regulations to protect electronic health records and safeguard the exchange of patient information.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"