Under the new HIPAA Omnibus Rule, business associates and their subcontractors are now directly liable for HIPAA compliance. But what kinds of companies meet the definition of a business associate? Privacy attorney Stephen Wu explains.
Bruce McConnell, acting deputy undersecretary for cybersecurity, says he'll resign from the Department of Homeland Security on Aug. 10, making him the third senior cybersecurity official to leave DHS this year. He's seen as one of DHS's leading cybersecurity theorists.
After going back to the drawing board, federal advisers have reached their original conclusion: No special privacy or security policies are needed for non-targeted health data queries. Read their rationale.
Janet Napolitano's departure as homeland security secretary could have an adverse impact on the nation's cybersecurity policy, at least temporarily, considering the posts of deputy secretary and deputy undersecretary for cybersecurity remain vacant.
Texas Health Harris Methodist Hospital Fort Worth is notifying patients of a breach involving decades-old microfiche medical records discovered in a dumpster. This is the second healthcare breach affecting more than 100,000 individuals reported in recent days.
Addressing cyber-attacks is not just a technology issue. It requires a holistic view from the entire organization, says ISACA's Jeff Spivey, who emphasizes the need for a framework approach to security.
Healthcare organizations aren't performing enough analysis of user behavior to detect possible insider threats, says security consultant Mac McMillan, who outlines the importance of auditing for abnormalities.
Insurer WellPoint has agreed to pay the Department of Health and Human Services $1.7 million to settle a HIPAA case stemming from a website data breach that may have exposed information on more than 612,000 individuals.
After a federal court dismissed a class action lawsuit filed against Adventist Health System in the aftermath of a breach affecting 763,000 patients, another lawsuit was immediately filed in a state court. Find out the details.
A unit of the U.S. Commerce Department overreacted to perceived malware infections and unnecessarily spent more than half of its IT budget to mitigate the situation, according to an inspector general audit.