Healthcare organizations need to implement role-based privacy and security training to identify specific types of education for employees with different levels of access to protected health information, says Alex Eremia, chief privacy officer at MedStar Health.
A personalized medicine project leveraging genetic information holds great promise for improving patient treatment but raises certain privacy issues, says Scott Megill, CIO at the Coriell Institute for Medical Research.
Art Coviello, RSA's executive chairman, confirms that information taken from RSA in March had been used as an element of an attempted broader attack discovered late last month on SecurID customer and defense contractor Lockheed Martin.
Despite improvement in organizations' abilities to plan for and predict disasters, they still lack an effective response. In fact, the biggest gap in business continuity today is understanding, says Lyndon Bird, director at the Business Continuity Institute.
Revelations that Google's Gmail and Sony Pictures were both targeted by hackers highlights growing concerns about cybersecurity and the sophistication - and frequency - of attacks, as well as how to keep the public informed about such incidents.
"Just securing the data is no longer enough," says Trevor Hughes, head of the International Association of Privacy Professionals. 'Privacy professionals, in addition, need to prepare for what happens when things go wrong."
A provision in the proposed Accounting of Disclosures Rule mandated under the HITECH Act that calls for providing patients with an "access report" listing everyone who's electronically accessed their records is stirring up debate.
As part of its ongoing effort to improve the interoperability of digital certificates for authentication, the Office of the National Coordinator for Health Information Technology is seeking comments by June 5 on the best approaches.
The House Subcommittee on Commerce, Manufacturing and Trade heard from Sony and Epsilon about breaches that adversely affected consumer information. Both companies support a national data security and breach notification law.