Educating staff about keeping protected health information off social media should be a high priority, much like education about sexual harassment, discrimination or any other behavior with zero tolerance.
Debbie Christofferson has worked in IT and information security for many years. And if there's anything she's learned about risk management, it's this: It's all about risk. "All of your decisions about information security should be based on risk to the organization."
Just as most financial institutions have implemented security measures to protect access to customers' accounts and personal data, it is just a matter of time before healthcare organizations will be required to do the same.
A total price tag of nearly $1 billion for dealing with the aftermath of major breaches reported to federal authorities so far should motivate healthcare organizations to take aggressive steps to improve security, one analyst advises.
Lockheed Martin has won two contracts worth a total of $9 million to support further development of the National Health Information Network, a set of services, standards and policies that enable the secure exchange of health information over the Internet.
The California state legislature has passed a stronger data breach notification bill that could mean increased consumer privacy protection for residents -- if Gov. Arnold Schwarzenegger signs it into law.
Hospitals and physician groups that enter contracts with companies that remotely host systems, such as electronic health records, should spell out that the vendor will bear the cost of complying with new regulations, says Robert Wah, M.D., of Computer Sciences Corp.
Federal regulators have recalculated the cumulative tally of the number of Americans affected by major healthcare breaches. They now estimate that nearly 4.8 million individuals have been affected by the 138 breaches reported so far.