HHS has issued new health data privacy guidance and announced a contest to create an online "model privacy notice generator." Plus, it's issued a reminder about the importance of reviewing and securing audit logs to help prevent and detect breaches.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
A physician who used her patients' information to aid her successful 2015 campaign for Virginia state senator in violation of the HIPAA Privacy Rule won't be sanctioned by federal regulators.
A U.K. Information Commissioner's report on its investigation into a 2015 TalkTalk breach offers essential information security takeaways for any organization that wants to avoid being breached, says David Stubley of 7 Elements.
The transition to a new presidential administration makes forecasting for HIPAA enforcement activity in 2017 difficult, says privacy attorney David Holtzman of the consultancy Cynergistek, who sizes up what the HHS Office for Civil Rights might do this year.
In an effort to help advance secure nationwide health data exchange, federal regulators have released an updated online tool to help healthcare entities and technology developers sort through critical standards and implementation specifications. Learn why some thought leaders are giving the guide a thumbs up.
The National Governors Association, in a new road map for improving nationwide secure health data exchange, proposes that states attempt to better align their privacy laws to the federal HIPAA Privacy Rule to help remove legal barriers.
The impact of the patient data privacy and security provisions of the 21st Century Cures Act, signed into law Dec. 13, will depend, in part, on who is chosen to study key issues and come up with recommendations, says attorney Steven Teppler.
Over the years, HHS has released several guidance documents, but all are weak and without mandates as it relates to identity management and authentication of entities accessing protected health information. Guidance typically includes words like "may" and "should," but rarely include words like "shall" or "must."
Leading the latest edition of the ISMG Security Report: an analysis of the impact on healthcare information security and privacy of the 21st Century Cares Act, which President Obama signed into law Dec. 13. Also, a report on the spread of malvertising and an update on the Bangladesh Bank cyber heist.
Has the healthcare sector finally reached a data security tipping point? Dave Summitt, CISO of H. Lee Moffitt Cancer Center, and many of his peers think so. And it's about time.
Federal regulators have issued new guidance to clarify what uses and disclosures of patient information for public health reporting, surveillance and investigations are permitted under HIPAA's privacy regulations.
President Obama is expected on Dec. 13 to sign the 21st Century Cures Act, which the Senate passed on Dec. 7. Among its long list of provisions, the bill lays out a number of privacy and security-related projects for HHS, including imposing fines on those that intentionally block health data information sharing.
In a rare settlement of a data breach class action lawsuit, Tampa General Hospital has agreed to pay plaintiffs who alleged they're at risk for identity theft as a result of insider incidents. But was the settlement amount appropriate?
Facebook, Microsoft, Twitter and YouTube have promised to contribute to a shared database containing hashes - digital fingerprints - of images and videos that promote hatred or terror to facilitate more rapid takedowns. But does the project go far enough?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.