In the five years since the HITECH Act was signed into law, there have been some major successes and disappointments concerning health information security and privacy, says Joy Pritts of the Office of the National Coordinator for Health IT.
Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.
As a result of the HIPAA Omnibus Rule's new breach notification guidelines that went into effect last year, business associates need to take certain steps when notifying covered entities of incidents, says security expert Brian Evans.
As federal regulators reveal details for the next phase of HIPAA compliance audits, security and privacy experts give the plan mixed reviews. Find out what experts like and don't like about the proposals.
While the 2014 Healthcare Information Security Today survey indicates more healthcare entities are performing HIPAA security risk assessments, smaller providers and business associates are still struggling with this task, says security expert Kate Borten.
Many covered entities are still tackling the challenge of making sure their business associates are HIPAA compliant, says security specialist Andrew Hicks, who analyzes the results of the 2014 Healthcare Information Security Today survey .
Thorough documentation will be more important in the next round of HIPAA compliance audits slated to begin this fall because most will not involve onsite examinations, says privacy attorney Adam Greene.
The HHS Office for Civil Rights will resume its HIPAA compliance audit program this fall with a limited number of narrowly focused "desk audits," plus comprehensive on-site audits "as resources allow."