As patient portals become more common in 2014, healthcare providers will struggle to find a balance between implementing strong authentication practices and providing individuals with easy access to records, says privacy attorney Adam Greene.
Healthcare entities are increasingly turning to the cloud, and regulators are increasingly focused on cloud service providers' security. Time to ensure those business associate agreements are in order, says Symantec's Rick Bryant.
Healthcare providers and their business associates need to take steps to protect patient data as they would defend any other significant business asset, says David Holtzman, a former senior official at the agency that enforces HIPAA.
The medical device industry faces four significant privacy and security challenges that pose potential threats to patients as well as manufacturers, says Michael McNeil, global security and privacy leader at Medtronic.
For years, researchers have studied malicious insider threats. But how can organizations protect themselves from insiders who make a mistake or are taken advantage of in a way that puts the organization at risk?
Although the enforcement date for the HIPAA Omnibus Rule was Sept. 23, compliance is an ongoing project, and educating smaller business associates is a continuing challenge, says Jeff Cobb, CISO at Capella Healthcare.
Bill Stewart, a privacy and security expert at medical device manufacturer Philips Healthcare, offers an explanation of when hospitals should apply software patches to devices on their own and when they should work with the supplier.
Before hiring a cloud services vendor, healthcare organizations should demand answers to tough questions about privacy and security, says Phil Curran, a hospital CISO who has scrutinized many companies.