Lawmakers have raised concerns that the Food and Drug Administration hasn't been as forthright as it should be in disclosing an October breach that exposed personally identifiable information of 12,000 to 14,000 individuals.
Managers at all levels must understand their responsibilities in providing role-based cybersecurity training, says Patricia Toth, a computer scientist at the National Institute of Standards and Technology.
The HHS Office for Civil Rights, which enforces HIPAA, has some compliance issues of its own to address, according to a new inspector general report. But OCR officials say they've been addressing those matters.
A letter from eight prominent online companies to President Obama and Congress calls for reform of government surveillance programs, outlining concerns about the way the NSA monitors online and telephone communications.
Mobile security is no longer about managing devices, says Ian McWilton of Moka5. The real trick is to secure corporate assets through containerization solutions that reduce costs and improve user experience.
Federal regulators plan to give healthcare providers an extra year to comply with requirements, including enhanced privacy and security measures, for Stage 2 of the HITECH Act electronic health record incentive program.
Healthcare providers and their business associates need to take steps to protect patient data as they would defend any other significant business asset, says David Holtzman, a former senior official at the agency that enforces HIPAA.
The theft of 2 million credentials reminds security professionals that their organizations are at risk because many employees use the same passwords and devices for personal and business purposes, data security lawyer Ronald Raether says.
The Department of Health and Human Services should make several revisions in its plans for a revamp of the HIPAA accounting of disclosures rule and conduct pilot tests before implementing a final rule, an advisory panel recommends.