One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in preventing breaches, says attorney Amy Leopard.
Improving regulatory compliance efforts is the No. 1 information security priority for healthcare organizations in the year ahead. That's a key finding of the inaugural Healthcare Information Security Today survey.
"It should provide fuel for anyone calling for data breach legislation to include criminal sanctions ...," says Neal O'Farrell of the Identity Theft Council. "This was nothing short of a clumsy cover-up."
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
About 4.9 million patients treated in San Antonio area military treatment facilities since 1992 have been affected by a health information breach involving the theft of backup tapes for electronic health records.
With the announcement of a breach affecting 4.9 million patients in the Defense Department's TRICARE healthcare program, there have now been five incidents that each affected at least 1 million individuals since the HIPAA breach notification rule took effect.