Keeping risk assessment documentation and other compliance evidence in a centralized repository is a good way to prepare for any HIPAA audit or investigation, says Mark Dill, Cleveland Clinic's security leader.
Today's advanced threats are no secret. Focusing the correct resources on them is the true challenge, says Will Irace of General Dynamics Fidelis Cybersecurity Solutions. He offers tips for harnessing the right skills and technology.
When it comes to the impending Sept. 23 HIPAA Omnibus enforcement deadline, many smaller organizations are making serious progress - or seriously procrastinating, says compliance expert Margie Satinsky.
After months of delay, a hearing has been scheduled to discuss a controversial accounting of disclosures proposal that calls for giving patients the right to a full report outlining who has accessed their records.
Improper disposal of protected health information poses significant risks, as recent breach incidents demonstrate. That's why organizations need to do a better job vetting disposal companies and verifying that data or devices are actually destroyed.
As Riverside Medical Center in Illinois prepares for HIPAA Omnibus Rule compliance, it's facing push-back from some business associates about new requirements, says Erik Devine, chief security officer.
Two recent incidents at Oregon Health & Science University involved inappropriate storage of unencrypted patient information in the cloud. Experts weigh in on the fogginess of HIPAA Omnibus regarding cloud providers.
After organizations update their policies and procedures to comply with the new breach notification requirements of HIPAA Omnibus, they must thoroughly test their response plans, attorney Ellen Giblin stresses.
The Sept. 23 enforcement deadline for the HIPAA Omnibus Rule is less than two months away. Privacy and security experts offer tips for what needs to get done now in order to meet compliance milestones.
Under HIPAA Omnibus, many cloud computing providers are considered business associates directly liable for HIPAA compliance. What safeguards to protect health data should covered entities expect cloud providers to implement?