New federal privacy and security guidance for health information exchanges
provides a good framework, but the recommendations will need to be phased in over time, says the director of a statewide HIE initiative in Indiana.
Among the provisions of the Federal Information Security Amendments Act, approved by a voice vote, is a requirement that agencies implement continuous monitoring of their IT systems to identify vulnerabilities before a cyber incident occurs.
Though not perfect, says House Cybersecurity Co-Chair Jim Langevin, D-R.I., "CISPA represents an important good-faith effort to come together as a necessary first step toward better cybersecurity for our nation."
The new HITRUST Cybersecurity Incident Response and Coordination Center is an excellent concept. But will the collaborators be able to achieve their lofty goals of identifying and helping thwart hacker attacks?
Minnesota Attorney General Lori Swanson has issued a six-volume investigative report on Accretive Health Inc., a medical debt collection company that her office sued in January in connection with a data breach incident and other business practices.
What do the proposed Stage 2 rules for the HITECH Act electronic health record incentive program have to say about encryption and other security measures? Consumer advocate Deven McGraw provides an analysis.
The Health Information Trust Alliance is spearheading an effort to create a clearinghouse of information about hacker attacks against healthcare organizations as well as best practices for addressing these threats.
The Department of Veterans Affairs will not expand its use of iPads and iPhones until later this summer when an enterprisewide mobile device management system to monitor the devices and ensure security is implemented, says CIO Roger Baker.
The White House says President Obama would veto a bipartisan House bill that civil libertarians contend would threaten individual privacy but many businesses contend is needed to defend against cyber attacks.
Weeks, months or even years often go by before organizations discover they've been hacked, not learning of the attack until law-enforcement authorities inform them, says recently retired FBI Executive Assistant Director Shawn Henry.