Archive | October, 2011

New ONC Coordinator Comments on Privacy & Security

In case you missed it, Farzad Mostashari, M.D., was interviewed on April 28, 2011 by Howard Anderson, Executive Editor, HealthcareInfoSecurity.com. The new head of the Office of the National Coordinator (ONC) for Health Information Technology, a division of HHS that works nationwide to encourage and implement the proper use of HIT and electronic exchanges of health information, addressed privacy and security.


Who are you, and how do you prove it?

Usernames and passwords are not enough to authenticate users in today’s threat-filled environment. Two-factor authentication is something that needs to be on your radar now, for internal, external, and cloud-based applications.


Breach Notification Planning Tips – Key Lessons Learned

A couple of weeks ago, we did a podcast hosted by HealthcareInfoSecurity.com’s Executive Editor, Howard Anderson. During that interview, Howard asked, “Are there any other lessons we can learn from the notification experiences of those organizations that have experienced major breaches?” Here’s how I responded to what we’re learning from early enforcement of the interim final breach notification rule… There are quite a number of lessons learned, but here are three top-of-mind big ones:


Audit Identifies 151 Security Vulnerabilities in Seven Hospitals

Government audit results released this week by the HHS Office of Inspector General reveal security failures that raise real concerns about the effectiveness of current security safeguards meant to protect personal health care information. As the U.S. continues to push towards adoption of electronic medical records, the Associated Press reports an HHS audit of just seven large hospitals identified an astounding 151 security vulnerabilities.


How To Establish Your Data Breach Notification Program

Are you prepared in the event of a data breach affecting your organization? Do you know the regulations? Can you conduct accurate and timely incident risk assessment? Are you ready to provide required notifications and respond to OCR’s request for information? …Learn how to do either in our recent webinar… Download Presentation Materials and View recorded version now… […]


How To Assess Your HIPAA-HITECH Security Compliance Program

If you create, receive, maintain or transmit ePHI, you need to view this webinar. No matter where you are in your HIPAA-HITECH compliance journey and no matter where you are in the ePHI “chain of trust”, you will benefit from knowing exactly where you stand with respect to the HIPAA Security Regulations: Learn how to do either in our recent webinar… Download Presentation Materials and View recorded version now…


Breach Notification Planning Tips – Notification Letters

The interim final breach notification rule, now in effect, requires Covered Entities to notify individuals whose Protected Health Information (PHI) has been impermissibly disclosed. Your plan should include consideration of notification letters to individuals … now! Here’s our advice about the details that are essential to include in letters to affected patients, as well as notices posted on websites, to help rebuild trust… We recommend these four key considerations as you develop notification letters to individuals:
