Federal regulators are considering whether data segmentation technology that protects sensitive patient information when it's exchanged should be required for electronic health record software certified for the HITECH Act incentive program.
The fact that the U.S. federal government would, under some circumstances, exploit software vulnerabilities to attack cyber-adversaries didn't perturb a number of IT security providers attending the 2014 Infosecurity Europe conference in London.
In the five years since the HITECH Act was signed into law, there have been some major successes and disappointments concerning health information security and privacy, says Joy Pritts of the Office of the National Coordinator for Health IT.
Information security and privacy work in healthcare environments often requires a depth of specialized knowledge and competency that can be validated through the help of professional credentialing, says CISO Sean Murphy.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to the civil liberties, not privacy.
Simple credentials, such as passwords, are a hacker's best friend, says Phillip Dunkelberger of Nok Nok Labs, a founding member of the FIDO Alliance. That's why the alliance is working to reduce reliance on passwords by enabling advanced authentication.
Editor's Note: Excerpts of this interview appear in ISMG's Security Agenda magazine, distributed at RSA Conference 2014.
Privacy should be built into the design of all healthcare information technology and related processes, says Michelle Dennedy, who's writing a book on the concept of "privacy by design."
Healthcare providers are turning to patient portals to provide remote access to electronic health records. But they face challenges when giving parents access to the records of minors of a certain age, says attorney Adam Greene.
A government watchdog plans a variety of activities to scrutinize the data security practices of healthcare providers, including hospitals' security controls over medical devices. It also will take a close look at the HealthCare.gov website.
Here's a sampling of the many sessions at RSA 2014 that will provide timely insights for security specialists in the government sector on such topics as vetting foreign technologies and implementing the new cybersecurity framework.
Social media sites are increasingly popular platforms for patients dealing with medical issues. But there are also privacy and security risks involved, and healthcare providers can help patients navigate these.
HealthcareInfoSecurity has extended the deadline for participation in its annual survey to examine the priorities and challenges of healthcare info security leaders. Preliminary results reveal some pain-points.
In the quest to prevent data breaches, healthcare providers should take advantage of the free privacy and security resources available from federal regulators. Find out about the most popular guides offered.