Under HIPAA Omnibus, many cloud computing providers are considered business associates directly liable for HIPAA compliance. What safeguards to protect health data should covered entities expect cloud providers to implement?
In this week's roundup, University of Virginia students' Social Security numbers were exposed on mailed health insurance brochures. Also, a California hospital reports a case of inappropriate records access by a staff member.
Federal authorities have indicted five Russians and Ukrainians linked to Heartland hacker Albert Gonzalez for the roles they allegedly played in a credit and debit card fraud scheme that compromised more than 160 million cards.
The National Security Agency is piloting a new program, as a result of the Edward Snowden incident, in which systems administrators with top-secret clearance can access certain secret documents only with the approval of another colleague.
A former respiratory therapist has pleaded guilty in an ID theft case involving more than 800 patient records. A security expert explains why detecting insider fraud can be difficult and offers prevention tips.
What can the Food and Drug Administration do to improve the security of medical devices? Sharon Finney, data security leader at Adventist Health System, offers her insights and also describes her organization's security efforts.
Under the new HIPAA Omnibus Rule, business associates and their subcontractors are now directly liable for HIPAA compliance. But what kinds of companies meet the definition of a business associate? Privacy attorney Stephen Wu explains.
Bruce McConnell, acting deputy undersecretary for cybersecurity, says he'll resign from the Department of Homeland Security on Aug. 10, making him the third senior cybersecurity official to leave DHS this year. He's seen as one of DHS's leading cybersecurity theorists.
After going back to the drawing board, federal advisers have reached their original conclusion: No special privacy or security policies are needed for non-targeted health data queries. Read their rationale.