A call center worker at the Connecticut health insurance exchange loses a backpack containing notepads containing sensitive consumer information. Investigators want to know why the paper-based information left the building.
After receiving much criticism over the privacy and security provisions for HealthCare.gov, it's good to see HHS taking action to help ensure that "navigators" who assist consumers with getting insurance coverage adequately protect patient privacy.
In the struggle to comply with changing regulatory requirements amidst an evolving technological environment, addressing information security can be overwhelming for many healthcare providers. An expert offers tips for sustainable risk management.
CIO John Halamka, M.D., a well-known blogger, says information security accounts for about half of his work at Beth Israel Deaconess Medical Center. He explains why that's the case and discusses a variety of projects, including a test of Google Glass.
As federal regulators weigh changes in the requirements for the HITECH Act electronic health record financial incentive program, it's essential that they adequately address privacy and security issues.
Embedding some information security practitioners within business units could help improve IT security awareness in many enterprises, reducing security risk, says Steve Durbin, global vice president of the Information Security Forum.
The recent Verizon Data Breach Investigation Report notes more than 16,000 incidents in the past year where sensitive information was unintentionally exposed. "Nearly every incident involves some element of human error," the report notes.
To help address the shortage of qualified cybersecurity professionals, (ISC)Â² is offering colleges and universities a variety of assistance with bolstering cybersecurity education and preparing students for certification.
President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
In many if not most enterprises, the chief information security officer reports to the chief information officer. After all, enterprises cannot function without IT, and security is a support function to safeguard data and systems. Or is it?