Federal HIPAA privacy and security rule compliance audits of healthcare organizations and their business associates likely will start later this year, says Susan McAndrew, deputy director for privacy in the HHS Office for Civil Rights.
A new Dartmouth College study illustrates the risks involved in using peer-to-peer networks as well as the dangers of storing patient information in spreadsheets and documents outside of electronic health records.
In an interview, Daniel advises practices to "bake in" security technologies and practices from the start of an EHR implementation. He advises practices to ask records software companies tough questions about privacy and security issues, including:
Officials with the HHS Office for Civil Rights shed some light on a number of security-related topics at a conference the office co-sponsored May 11-12 in the nation's capital. For example, Susan McAndrew, OCR's deputy director for privacy, revealed that the random HIPAA compliance audits called for under the HITECH...
The best way to persuade physicians to take information security seriously is to explain the business risks involved, says Robert Tennant, senior policy analyst with the Medical Group Management Association, the trade group for physician group practice administrators.
Whitehouse Cybersecurity Coordinator Howard Schmidt used wit to share his wisdom about healthcare information security in a rambling, folksy keynote address this week. He stressed that healthcare organizations of all sizes need to take security more seriously.
Social media "are a data security person's worst nightmare," says Sharon Finney, corporate data security officer at Adventist Health System. So Finney and her team spent more than six months crafting security policies for limited use of the new media.