Should federal regulators provide physicians with a free pass from having to conduct a HIPAA risk analysis or face a random HIPAA compliance audit if they implement a cybersecurity framework? That's what the AMA is proposing. Security experts weigh in with reactions.
Leading the latest edition of the ISMG Security Report: Ransomware hits the city of Atlanta, Baltimore's 911 system as well as aviation giant Boeing. Plus, WikiLeaks and its Julian Assange get taken for a ride by Russian intelligence.
Federal regulators are considering potential changes to HIPAA privacy rule and enforcement regulations, but aim to first engage the healthcare sector and public for input, says the nation's top HIPAA enforcer. So, what changes are being considered?
Despite the White House's request for deep budget cuts, Congress passed and President Trump signed into law last week flat funding for the current fiscal year for the two federal agencies responsible for health information privacy and security issues, including HIPAA enforcement.
Recent financial reports from three healthcare sector organizations that suffered cyberattacks demonstrate how costly data breaches can be for not-for-profit healthcare providers and for-profit companies alike.
Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case.
While the director of the HHS Office for Civil Rights says HIPAA enforcement remains a top priority for the agency, obtaining enough resources to carry out its mission is an ongoing battle, says former OCR official Deven McGraw.
More healthcare organizations are "decoupling" their HIPAA compliance efforts from their cybersecurity initiatives, a sign that the sector is maturing, says security expert Axel Wirth, discussing findings of a new study by HIMSS Analytics and Symantec.
HHS Office for Civil Rights Director Roger Severino told an audience at the HIMSS18 conference Tuesday that there will be "no slowdown" in the agency's HIPAA enforcement efforts. But he told ISMG following the presentation that there will be no phase 3 for HIPAA compliance audits.
Cybersecurity will again be in the spotlight at this year's Healthcare Information and Management Systems Society conference, March 5 to 9 in Las Vegas. The event will feature numerous CISO presentations, updates from regulators and displays of the latest technologies.
Federal agencies recently gave medical research organizations and others an extra six months to comply with most provisions of the updated "Common Rule" regulations that aim to protect human subjects in research, including ensuring their privacy. What's the impact of the delay?
Is U.S. computer crime justice draconian? That's one obvious question following England's Court of Appeal ruling that suspected hacker Lauri Love would not be extradited to the United States, in part, because they said the U.S. justice system could not be trusted to treat Love humanely.
With advances in big data, artificial intelligence, machine learning and more, healthcare is primed to innovate. But do HIPAA, GDPR and other regulatory standards inhibit the ability to innovate? Scott Whyte of ClearDATA discusses healthcare's complex convergence of innovation and compliance.