Accounting for who has viewed a patient's electronic health record "is the single most difficult security requirement to figure out" in the HITECH Act. That's the conclusion of Lisa Gallagher, senior director for privacy and security at the Healthcare Information and Management Systems Society.
Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.
Hospitals preparing for a potential government audit of their HIPAA security rule compliance should "build a continual state of readiness," says David Wiseman, information security manager at Saint Luke's Health System, Kansas City, Mo.
To be fully prepared, Wiseman says hospitals should:
Conduct a HIPAA...
Sitting in an all-day security workshop at the HIMSS Conference in Atlanta Feb. 28 provided me with a good education about what's on the minds of security leaders. For example, one member of the audience said it was a "huge challenge" to ensure that when an employee is fired, their password is promptly deactivated so...
An association of healthcare CIOs has prepared a lengthy, harsh critique of proposed rules for the Medicare and Medicaid electronic health record incentive program.
The group advocates substantial revisions in the criteria for the incentives, which were created by the HITECH Act, as well as a much less aggressive...
Chief information security officers need to be able to translate technical projects into clear business terms, says Todd Fitzgerald, co-author of the book, "CISO Leadership Skills: Essential Principles for Success."
In an interview, Fitzgerald:
Describes the managerial skills that CISOs need;
Outlines how to...
The list of 36 recent major breaches of healthcare information posted on a government Web site likely represents a small fraction of the significant breaches in healthcare in recent months, security experts say.
The National Coordinator for Health Information Technology, David Blumenthal, M.D., has added Twitter to his communications arsenal. But how often will he tweet?
A while back, Dr. Blumenthal added "the Health IT Buzz Blog" to his Web site. But his blog entries have been few and far between. Let's hope Dr....
At a Senate hearing, Michael McConnell, the former director of national intelligence, added his voice to the growing chorus of cybersecurity experts who see dire consequences of a virtual attack on America's critical IT systems.