"Historically, there's been a dichotomy between network security on the one hand and investigative process on the other," FBI Director Robert Mueller says. "It has been a great divide between us but needn't be."
Under a proposed federal rule unveiled March 2, organizations designated to certify electronic health records software will assess the applications' security functionality but not require the use of specific security standards.
The three major regulations to support the electronic health records incentive program will be finalized by the end of spring, according to the team leader for the federal government's HITECH Act implementation effort.
The Obama administration posts a declassified summary of the government's Comprehensive National Cybersecurity Initiative, a highly secret Bush-era program aimed at securing the nation's critical IT security assets.
Accounting for who has viewed a patient's electronic health record "is the single most difficult security requirement to figure out" in the HITECH Act. That's the conclusion of Lisa Gallagher, senior director for privacy and security at the Healthcare Information and Management Systems Society.
Hospitals should use a team approach to creating breach detection and breach notification strategies. That's the advice of Gerry Hinkley, senior partner at the law firm Pillsbury, Winthrop, Shaw and Pittman.
An association of healthcare CIOs has prepared a lengthy, harsh critique of proposed rules for the Medicare and Medicaid electronic health record incentive program.
The group advocates substantial revisions in the criteria for the incentives, which were created by the HITECH Act, as well as a much less aggressive...
The list of 36 recent major breaches of healthcare information posted on a government Web site likely represents a small fraction of the significant breaches in healthcare in recent months, security experts say.