Despite the new instructions on breach notification in the HIPAA Omnibus Rule, there's still plenty of uncertainty about what constitutes a "compromise" of data that triggers notification, says privacy attorney Adam Greene.
When it comes to breach prevention, many organizations are improving their own security posture, but neglecting that of their strategic partners. Trend Micro's Tom Kellermann outlines third-party risks.
In an interview about virtual supply chain threats, Kellermann discusses:
Supply chain gaps organizations...
Consumer advocate Deven McGraw says many provisions in the HIPAA Omnibus Rule, including better breach notification guidance and expansion of HIPAA liability to business associates, will provide substantial benefits to patients.
In 2012, Experian® Data Breach Resolution dealt with 1700 breaches - 800 of them in the healthcare sector. What are the common gaps for organizations looking to comply with new HIPAA Omnibus standards?
When it resumes, the HIPAA compliance audit program will be more focused in terms of what's evaluated but will encompass a broader range of organizations, says Verne Rinker of the HHS Office for Civil Rights.
Under the HIPAA Omnibus Rule, security incidents are presumed to be reportable data breaches unless healthcare organizations demonstrate through a four-factor assessment that risks are low, explains privacy expert Kate Borten.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.
The new Aurora Research Institute is taking multiple steps to protect the privacy of patients who participate in medical research, clinical trials and personalized medicine endeavors, says institute leader Randall Lambrecht.