Recent changes by the HHS to the certification program for electronic health record software could potentially weaken efforts to ensure EHRs meet federal requirements, including those that impact security, says attorney Maya Uppaluru, who formerly was on the HHS staff.
The deadly hurricane season has prompted federal regulators to issue several specific HIPAA waivers in recent weeks. But are such waivers really necessary? And what actions can healthcare providers take during a crisis even without a waiver?
Through an ongoing series of Healthcare Security Readiness workshops, key gaps in how healthcare organizations defend against cybercrime hacking have emerged. Has your organization assessed and mitigated gaps in security...or are even aware of what they are?
In the following ISMG interview transcript, David...
An ongoing series of Healthcare Security Readiness workshops reveals some key gaps in how healthcare organizations defend against cybercrime hacking. How should entities assess and mitigate these gaps? David Houlding of Intel shares insights.
The new head of the agency that enforces HIPAA says his top enforcement priority for the coming year is to find a "big, juicy, egregious" breach case to use as an example from which others can learn. What else is on Roger Severino's agenda?
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.
Nuance has issued an unusual public letter to customers explaining why the medical transcription services vendor has decided not to report the NotPetya malware attack on the company to federal regulators as HIPAA breach. How did Nuance make its determination?
A hacker attack on a women's healthcare clinic that impacted 300,000 patients ranks as the second largest ransomware-related health data breach reported to federal regulators. Why did it take months before the clinic detected the malware?
HHS has made changes to a website widely referred to as the "wall of shame" that lists major health data breaches. The changes came after some members of Congress complained that the website unfairly exposes breached organizations to endless public scrutiny.
Two GOP senators are asking federal regulators to recoup potentially millions of dollars worth of allegedly inappropriate EHR incentive payments made under the HITECH Act. If the money is clawed back, what's the potential impact on data security spending?
Regulators will not penalize healthcare providers that attested to meeting HITECH Act "meaningful use" incentive payment requirements using electronic health records from eClinicalWorks, a vendor that recently settled a false claims case with federal prosecutors.
Healthcare organizations that rely too heavily on HIPAA compliance are coming up short when it comes to security, says Jennings Aske, an attorney who's CISO at New York-Presbyterian. A far better approach, he says, is to rely on the NIST cybersecurity framework or other comprehensive frameworks.
With the exception of one large theft incident involving an insider, hacker attacks - including some involving ransomware - continue to be the leading culprits in the biggest health data breaches reported so far this year. What's next?