White House Cybersecurity Coordinator Howard Schmidt isn't buying into the grim forecasts that the United States is ill prepared to defend the government's and nation's critical information assets from an immense virtual attack by political adversaries or cyber criminals.
"Historically, there's been a dichotomy between network security on the one hand and investigative process on the other," FBI Director Robert Mueller says. "It has been a great divide between us but needn't be."
Under a proposed federal rule unveiled March 2, organizations designated to certify electronic health records software will assess the applications' security functionality but not require the use of specific security standards.
The three major regulations to support the electronic health records incentive program will be finalized by the end of spring, according to the team leader for the federal government's HITECH Act implementation effort.
The Obama administration posts a declassified summary of the government's Comprehensive National Cybersecurity Initiative, a highly secret Bush-era program aimed at securing the nation's critical IT security assets.
Accounting for who has viewed a patient's electronic health record "is the single most difficult security requirement to figure out" in the HITECH Act. That's the conclusion of Lisa Gallagher, senior director for privacy and security at the Healthcare Information and Management Systems Society.