The Department of Veterans Affairs is seeking advice from cloud computing vendors on the feasibility of using commercial software-as-a-service collaborative tools that eventually could meet the needs of all of its 134,000 medical personnel.
Because social media pose significant risks to patient privacy, healthcare organizations need to develop detailed social media policies. But unfortunately, many organizations have yet to take that action.
"Veterans should have consistent and convenient access to reliable VA information real time using social media, whether on a smartphone or a computer," Secretary of Veterans Affairs Eric Shinseki says.
Healthcare organizations entering cloud computing contracts should carefully consider whether they need additional liability insurance coverage to address the risks involved, says IT consultant Gerard Nussbaum.
A federal proposal to require healthcare organizations to provide patients with access reports listing everyone who has electronically viewed their information is impractical, says Dan Rode of the American Health Information Management Association.
Though IT business application functions and security-focused practices are expected to be integrated as a single process, secure configuration is the management and control of configurations for information systems to enable security and facilitate the management of information security risk.
As far as Dr. Giles Hogben of ENISA is concerned, now might be the golden opportunity for information security experts to influence the security and privacy measures that may help define Internet safety for the next decade or beyond.
Bob Russo says the long-awaited PCI guidance on tokenization should provide merchants with a baseline for standardization and best practices, and serve as a roadmap for how tokenization can complement compliance with the PCI-DSS.
"There are still a lot of inexperienced people out there that are passing themselves off as experts," says Scott Laliberte, managing director of Protiviti, outlining the common challenges of penetration testing.