"Today's risk management professionals really need to take a strategic view of managing risk to be relevant in achieving the organization's expected outcome," says Philip Alexander of Wells Fargo Bank.
Sheryl Rose, the first chief information security officer at Catholic Health Initiatives, is leading efforts to implement a comprehensive security strategy as the organization rolls out electronic health records.
As criteria are developed for the next stages of the HITECH Act electronic health record incentive program, it's essential that privacy and security issues are adequately addressed, one consumer advocacy group stresses.
Describing it as the capstone publication of a partnership with the defense and intelligence communities, NIST publishes new guidance on managing security risk associated with the operation and use of IT systems.
NIST updates its national checklist program for IT products, tech specs for SCAP and guide to using vulnerability naming schemes as well as providing a status report on its cryptographic hash algorithm competition.
A team headed by Senior Computer Scientist Ron Ross will update one of NIST's premier risk management publications - SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations.
As federal authorities continue efforts to develop privacy and security guidelines for health information exchanges, a new survey shows that healthcare providers and others consider privacy and security as the issues with the most potential to derail HIEs.
In the second major HIPAA enforcement action announced by federal authorities this week, Massachusetts General Hospital and its physicians organization have entered into a resolution agreement that calls for paying a $1 million settlement and taking corrective action to avoid future violations.