Today's advanced threats are no secret. Focusing the correct resources on them is the true challenge, says Will Irace of General Dynamics Fidelis Cybersecurity Solutions. He offers tips for harnessing the right skills and technology.
When it comes to the impending Sept. 23 HIPAA Omnibus enforcement deadline, many smaller organizations are making serious progress - or seriously procrastinating, says compliance expert Margie Satinsky.
As Riverside Medical Center in Illinois prepares for HIPAA Omnibus Rule compliance, it's facing push-back from some business associates about new requirements, says Erik Devine, chief security officer.
After organizations update their policies and procedures to comply with the new breach notification requirements of HIPAA Omnibus, they must thoroughly test their response plans, attorney Ellen Giblin stresses.
Despite the new instructions on breach notification in the HIPAA Omnibus Rule, there's still plenty of uncertainty about what constitutes a "compromise" of data that triggers notification, says privacy attorney Adam Greene.
When it comes to breach prevention, many organizations are improving their own security posture, but neglecting that of their strategic partners. Trend Micro's Tom Kellermann outlines third-party risks.
In an interview about virtual supply chain threats, Kellermann discusses:
Supply chain gaps organizations...
Consumer advocate Deven McGraw says many provisions in the HIPAA Omnibus Rule, including better breach notification guidance and expansion of HIPAA liability to business associates, will provide substantial benefits to patients.
In 2012, Experian® Data Breach Resolution dealt with 1700 breaches - 800 of them in the healthcare sector. What are the common gaps for organizations looking to comply with new HIPAA Omnibus standards?
When it resumes, the HIPAA compliance audit program will be more focused in terms of what's evaluated but will encompass a broader range of organizations, says Verne Rinker of the HHS Office for Civil Rights.
Under the HIPAA Omnibus Rule, security incidents are presumed to be reportable data breaches unless healthcare organizations demonstrate through a four-factor assessment that risks are low, explains privacy expert Kate Borten.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.