Debbie Christofferson has worked in IT and information security for many years. And if there's anything she's learned about risk management, it's this: It's all about risk. "All of your decisions about information security should be based on risk to the organization."
Just as most financial institutions have implemented security measures to protect access to customers' accounts and personal data, it is just a matter of time before healthcare organizations will be required to do the same.
A total price tag of nearly $1 billion for dealing with the aftermath of major breaches reported to federal authorities so far should motivate healthcare organizations to take aggressive steps to improve security, one analyst advises.
Lockheed Martin has won two contracts worth a total of $9 million to support further development of the National Health Information Network, a set of services, standards and policies that enable the secure exchange of health information over the Internet.
The California state legislature has passed a stronger data breach notification bill that could mean increased consumer privacy protection for residents -- if Gov. Arnold Schwarzenegger signs it into law.
Hospitals and physician groups that enter contracts with companies that remotely host systems, such as electronic health records, should spell out that the vendor will bear the cost of complying with new regulations, says Robert Wah, M.D., of Computer Sciences Corp.
Federal regulators have recalculated the cumulative tally of the number of Americans affected by major healthcare breaches. They now estimate that nearly 4.8 million individuals have been affected by the 138 breaches reported so far.
The leading electronic health records software companies should be able to quickly add the required security capabilities needed to qualify for the Medicare and Medicaid EHR incentive program, predicts Elise Ames of HIS Professionals.