At its core, HIPAA compliance is simply about maintaining patient privacy by ensuring the appropriate access to and use of patient data by your users. Electronic Health Record (EHR) solutions provide detail around when patient data is accessed, but without visibility into what users do with sensitive patient data...
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee reflects on the just-concluded Healthcare Security Summit in New York in the latest edition of the ISMG Security Report. Also, PCI Security Standards Council CTO Troy Leach addresses ransomware risks.
Federal regulators will be kicking off remote HIPAA compliance "desk audits" of business associates next month and more comprehensive onsite audits of both covered entities and BAs early next year. Learn more about what's next for the audit program.
In the first HIPAA enforcement action against a business associate, federal regulators have smacked a nonprofit organization with a $650,000 penalty following an investigation into a 2014 security incident affecting just 412 patients.
Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? Attorney David Szabo shares insights.
The HIPAA Omnibus Rule stresses the need for business associates to adequately safeguard patient information. What are the implications? Here's what a federal privacy officer and a consumer advocate have to say.
Security threats to healthcare organizations are on the rise - and so are regulatory requirements. Kim Singletary of McAfee discusses the top breach prevention and response challenges for healthcare organizations in 2013.