Business associate agreements should not be a dumping ground for healthcare entities to make demands on their vendors with provisions that go beyond specific HIPAA privacy and security regulations, says attorney Gerry Hinkley.
Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.
While the 2014 Healthcare Information Security Today survey indicates more healthcare entities are performing HIPAA security risk assessments, smaller providers and business associates are still struggling with this task, says security expert Kate Borten....
Many covered entities are still tackling the challenge of making sure their business associates are HIPAA compliant, says security specialist Andrew Hicks, who analyzes the results of the 2014 Healthcare Information Security Today survey ....
Thorough documentation will be more important in the next round of HIPAA compliance audits slated to begin this fall because most will not involve onsite examinations, says privacy attorney Adam Greene.
Even so-called minor breaches can cost organizations nearly $200,000, according to one finding from NTT Group's annual Intelligence Report. Rob Kraus of Solutionary shares the study's insights and advice.
To ensure their business associates have conducted a thorough risk assessment and other HIPAA compliance tasks, covered entities must have a solid vendor management program in place, says security expert Mac McMillan.
One key factor in efforts to reduce reliance on passwords for authentication will be international acceptance of the FIDO Alliance's soon-to-be released protocol for advanced authentication, says Michael Barrett, the alliance's president.
The next round of HIPAA compliance audits by federal regulators are likely to focus on three key areas, says compliance expert David Holtzman, who until recently worked at the agency that enforces HIPAA.
When it comes to building a breach response team, too many healthcare organizations use a "volunteer firefighter model," taking inadequate steps to prepare for incidents, says security expert Brian Evans.
Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.
In the wake of high-profile breaches and data leaks, the government will pay a lot more attention to information security. Are security pros ready for this scrutiny? Professor Eugene Spafford has his doubts.