As healthcare organizations ramp up HIPAA compliance efforts, they should make far greater use of guidance from the National Institute of Standards and Technology, says security consultant Mac McMillan.
If your organization's leadership has been lukewarm to funding information security efforts, it's time to turn up the heat before you end up in hot water with federal regulators enforcing the HIPAA Omnibus Rule.
When participating in a health information exchange, providers need to take several HIPAA Omnibus Rule compliance steps, including spelling out responsibilities in the event of an HIE breach, says attorney Helen Oscislawski.
To build credibility for its HIPAA enforcement efforts, the Department of Health and Human Services needs to ramp up its breach prevention efforts for the health insurance exchanges slated to begin operations Oct. 1.
An important aspect of HIPAA Omnibus Rule compliance for covered entities as well as business associates and their subcontractors is policing what privacy attorney Gerard Stegmaier calls "the data supply chain."
Keeping risk assessment documentation and other compliance evidence in a centralized repository is a good way to prepare for any HIPAA audit or investigation, says Mark Dill, Cleveland Clinic's security leader.
Today's advanced threats are no secret. Focusing the correct resources on them is the true challenge, says Will Irace of General Dynamics Fidelis Cybersecurity Solutions. He offers tips for harnessing the right skills and technology.
When it comes to the impending Sept. 23 HIPAA Omnibus enforcement deadline, many smaller organizations are making serious progress - or seriously procrastinating, says compliance expert Margie Satinsky.