Some healthcare industry stakeholders say the Trusted Exchange Framework that HHS proposes to promote secure, interoperable nationwide health data exchange, while a good starting point, lacks clarity on certain security and privacy issues.
Is your organization prepared for GDPR? The GDPR goes into effect this year on May 25th, 2018! It still remains to be seen exactly how it will be enforced and what specific measures organizations must take to comply. What is clear, however, is that personal data must be protected or severe penalties may be imposed....
Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to influence U.S. politics. Also, a feature in Australia's new real-time payment system could be abused by identity thieves.
Federal agencies recently gave medical research organizations and others an extra six months to comply with most provisions of the updated "Common Rule" regulations that aim to protect human subjects in research, including ensuring their privacy. What's the impact of the delay?
Iliana Peters has left the Department of Health and Human Services' Office for Civil Rights just months after she was named to replace the agency's former top HIPAA enforcer, Deven McGraw. Is OCR experiencing a HIPAA brain drain?
Google is prepping its Chrome browser to brand as "not secure" every site a user tries to visit that does not use HTTPS encryption by default. The move is meant to push more sites to use HTTPS to secure communications and help block eavesdropping and man-in-the-middle attacks.
Healthcare entities are increasingly considering user and entity behavioral analytics tools because their previous breach prevention and detection efforts have fallen short, says security expert Mac McMillan.
A new report from a Veterans Affairs watchdog agency describes a guest Wi-Fi network that was set up at a VA medical center without coordination with VA IT officials to ensure security. The report spotlights the risks and challenges that many healthcare entities face with so-called "shadow IT."
Orwell got it wrong: People are less likely to surrender their privacy to a totalitarian state than to the lure of sharing holiday snaps, cat videos or the route and time they took for their latest cycling, jogging or kiteboarding outing, as captured by a wearable fitness device.
In one of the largest HIPAA settlements ever, federal regulators have signed a $3.5 million settlement with a Massachusetts-based healthcare organization that reported five small health data breaches in 2012 involving lost or stolen unencrypted computing devices.
Federal regulators are warning healthcare entities and business associates to take action to prevent becoming the next victim of cyber extortion, such as a ransomware attack. What are the recommended steps? And what other insights do experts offer?
Fitness app and website developer Strava has landed in hot water after publishing a global heat map that shows users' workout routes in aggregate. By doing so, the firm has inadvertently revealed military installation layouts and other sensitive information.