To ensure their business associates have conducted a thorough risk assessment and other HIPAA compliance tasks, covered entities must have a solid vendor management program in place, says security expert Mac McMillan.
The next round of HIPAA compliance audits by federal regulators are likely to focus on three key areas, says compliance expert David Holtzman, who until recently worked at the agency that enforces HIPAA.
When it comes to building a breach response team, too many healthcare organizations use a "volunteer firefighter model," taking inadequate steps to prepare for incidents, says security expert Brian Evans.
Getting the healthcare sector prepared for new and emerging cybersecurity threats is a new focus this year for the Office of the National Coordinator for Health IT, says its chief privacy officer, Joy Pritts.
The Department of Health and Human Services is taking the first steps toward resuming the HIPAA compliance audit program this year, examining business associates as well as covered entities. Find out what's planned.
The HIMSS 2014 Conference, to be held Feb. 23 to 27 in Orlando, will feature an impressive lineup of privacy and security educational content, plus updates from federal regulators. Check out the highlights.
Farzad Mostashari, M.D., the national coordinator for health information technology, sees the exchange of health information as a way to improve care quality. But what's his vision for achieving truly secure data exchange?
The Department of Health and Human Services conducts three types of audits or investigations involving privacy and security issues. But preparing for any of these inquiries requires similar steps, experts say.
The HIPAA Omnibus Rule could play an important role in improving the security of medical devices that store patient data, says an official with the agency that enforces HIPAA. Find out what part the rule could play.
Preparing for compliance with the privacy and security provisions of the HIPAA Omnibus Rule and the HITECH Act electronic health record incentive program go hand-in-hand, says federal privacy officer Joy Pritts.
Patient portals can fulfill some regulatory requirements related to providing individuals with electronic access to their medical records. But privacy and security concerns must be addressed, two experts say.