Some security experts are concerned that narrower risk assessment requirements in a proposed Stage 3 rule for the HITECH Act EHR incentive program could confuse healthcare entities about the importance of conducting a broad HIPAA risk assessment.
To protect against medical ID theft and fraud, healthcare organizations need to build comprehensive security programs that go beyond just putting their "finger in the dike," says security expert Mark Ford of Deloitte.
Healthcare organizations that base their information security programs on HIPAA compliance are making a major blunder, says security consultant Brad Keller, who explains why that strategy is short-sighted.
What does "IT security as a business enabler" mean? For a definition, Gartner's Paul Proctor looks to the way IT managers at a European car maker translate security problems into a language a CEO can understand.
In the struggle to comply with changing regulatory requirements amidst an evolving technological environment, addressing information security can be overwhelming for many healthcare providers. An expert offers tips for sustainable risk management.
While the 2014 Healthcare Information Security Today survey indicates more healthcare entities are performing HIPAA security risk assessments, smaller providers and business associates are still struggling with this task, says security expert Kate Borten.
Thorough documentation will be more important in the next round of HIPAA compliance audits slated to begin this fall because most will not involve onsite examinations, says privacy attorney Adam Greene.
The basis of any good security program is conducting a thorough and timely risk analysis; but that can be difficult for smaller healthcare organizations. That's why a federal agency will soon unveil an app designed to make the process easier.
The HHS Office for Civil Rights, which enforces HIPAA, has some compliance issues of its own to address, according to a new inspector general report. But OCR officials say they've been addressing those matters.
An audit protocol from federal regulators is a useful tool for covered entities and business associates that are conducting a risk analysis and beefing up HIPAA compliance efforts, says security expert Bill Miaoulis.
Despite the government shutdown, Stage 2 of the HITECH Act financial incentive program for the meaningful use of electronic health records kicks off Oct. 1. Learn more about the privacy and security provisions and how to prepare.
It's been four years since federal officials began tracking major healthcare data breaches. What important lessons can be learned from the causes of these breaches as well as HIPAA enforcement actions by federal regulators?