As CIOs are asked to assemble more data to demonstrate their organization is providing high-quality care at a lower cost, their role in ensuring privacy and security is evolving, says technology specialist Harry Greenspun, M.D.
Encryption is an important breach prevention tool. But to make the right decisions about how to apply encryption, healthcare organizations should take four specific steps, says security expert Feisal Nanji.
Getting buy-in for information security spending from those who hold the purse strings can be tricky unless risks are properly assessed and articulated. See how some healthcare security leaders tackle the budget challenge.
Security specialist David Newell outlines common pitfalls healthcare organizations need to avoid when conducting a risk analysis - such as focusing on an insufficient, narrow HIPAA compliance assessment.
The privacy and security provisions of the HIPAA Omnibus Rule and the HITECH Act EHR incentive program "dovetail together quite nicely," says federal privacy officer Joy Pritts, who offers compliance tips.
The Department of Health and Human Services is considering a HIPAA amendment that could make it easier for states to report identities of certain mental health patients to a federal background check database for gun purchases.
Farzad Mostashari, M.D., the national coordinator for health information technology, sees the exchange of health information as a way to improve care quality. But what's his vision for achieving truly secure data exchange?
The advocacy group Patient Privacy Rights has co-developed a "trust framework" that IT vendors and their clients can use to help measure compliance with privacy principles. But will it prove practical?