In case you missed it, Farzad Mostashari, M.D., was recently interviewed on April 28, 2011 by Howard Anderson, Executive Editor, HealthcareInfoSecurity.com. The new head of the Office of the National Coordinator (ONC) for Health Information Technology, a division of HHS that works nationwide to encourage and implement the proper use of HIT and electronic exchanges of health information, addressed privacy and security.
Archive | October, 2011
Compliance assessment? Security Evaluation? Risk Assessment? Risk Analysis? Compliance Analysis? Huh? Just what does the HIPAA Security Final Rule and/or The HITECH Act and/or Meaningful Use Final Rule require?
Usernames and passwords are not enough to authenticate users in today’s threat-filled environment. Two-factor authentication is something that needs to be on your radar now, for internal, external, and cloud-based applications.
A couple of weeks ago, we did a podcast hosted by HealthcareInfoSecurity.com’s Executive Editor, Howard Anderson. During that interview, Howard asked “Are there any other lessons we can learn from the notification experiences of those organizations that have experienced major breaches?” Here’s how I responded to what we’re learning from early enforcement of the interim final breach notification rule…. There are quite a number of lessons-learned, but here are three top-of-mind big ones:
Government audit results released this week by the HHS Office of Inspector General reveal security failures that raise real concerns about the effectiveness of current security safeguards meant to protect personal health care information. As the U.S. continues to push towards adoption of electronic medical records, the Associated Press reports an HHS audit of just seven large hospitals identified an astounding 151 security vulnerabilities.
Are you prepared in the event of a data breach affecting your organization? Do you know the regulations? Can you conduct accurate and timely incident risk assessment? Are you ready to provide required notifications & OCR’s request for information? …Learn how to do either in our recent webinar… Download Presentation Materials and View recorded version now… […]
If you create, receive, maintain or transmit ePHI, you need to view this webinar. No matter where you are in your HIPAA-HITECH compliance journey and no matter where you are in the ePHI “chain of trust”, you will benefit from knowing exactly where you stand with respect to the HIPAA Security Regulations: Learn how to do either in our recent webinar… Download Presentation Materials and View recorded version now…
The interim final breach notification rule, now in effect, requires Covered Entities to notify individuals whose Protected Health Information (PHI) has been impermissibly disclosed. Your plan should include consideration of notification letters to individuals … now! Here’s our advice about the details that are essential to include in letters to affected patients, as well as notices posted on websites, to help rebuild trust… We recommend these four key considerations as you develop notification letters to individuals: