Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.
Getting buy-in for information security spending from those who hold the purse strings can be tricky unless risks are properly assessed and articulated. See how some healthcare security leaders tackle the budget challenge.
From a risk-management perspective, Bloomberg didn't consider its reputation when it allowed its reporters to track the log activity of Bloomberg Terminal customers.
If healthcare providers rely on the Direct protocol to meet HITECH Act Stage 2 data exchange requirements, how will that affect the fate of health information exchange organizations? Find out what some HIE experts think.
Security specialist David Newell outlines common pitfalls healthcare organizations need to avoid when conducting a risk analysis - such as focusing on an insufficient, narrow HIPAA compliance assessment.
Business associates have new obligations under the HIPAA Omnibus Rule. What key compliance steps do they need to take? An expert on healthcare security and regulatory issues provides answers.
Payment data and personal information are both attractive targets for criminals, says breach investigator Erin Nealy Cox of forensics firm Stroz Friedberg. Learn why she says card data isn't the only lucrative target.
Unless they earn patients' and providers' trust, healthcare information exchanges are destined to fail. That's why it's essential to tackle key privacy and security issues right away.
Attorney Helen Oscislawski, a regulatory expert, explains why healthcare organizations must carefully scrutinize their marketing and fundraising policies to prepare for HIPAA compliance.
The OWASP Top Ten list of security risks was created more than a decade ago to be the start of an industry standard that could bootstrap the legal system into encouraging more secure software. Here are the 2013 updates.
The new HIPAA Omnibus Resource Center from Information Security Media Group offers news, insights and analysis to assist covered entities as well as business associates with compliance.
A recent $1 million cyberheist at a county hospital illustrates why healthcare organizations must pay attention to securing financial as well as clinical data - and educate staff about how to recognize phishing e-mails.
A citizen's petition that received more than 117,000 signatures asks the White House to stop the Cyber Intelligence Sharing and Protection Act. Why does the White House response suggest a redo of last year's battle over cybersecurity legislation?
Lack of training has been the cause of many HIPAA compliance problems. That's why the Department of Health and Human Services is taking several steps to ramp up education.
HIPAA-compliance consultant Bill Miaoulis outlines a number of critical steps that many healthcare organizations fail to take to ensure the security of data on mobile devices.