Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising federal healthcare regulators, explains why she's frustrated by delays in rolling out new regulations to protect electronic health records and safeguard the exchange of patient information.
Healthcare organizations should carefully document all necessary breach investigation and notification actions and responsibilities to avoid chaos when an incident occurs, says Dawn Morgenstern, privacy official at the Walgreens national drugstore chain.
Physician group practices, many of which are adopting their first electronic health record system, need to make staff training on privacy and security issues a top priority, says Susan Turney, M.D., the new CEO at the Medical Group Management Association.
The ongoing delay in the release of final versions of HIPAA modifications and the HIPAA breach notification rule makes it more difficult for healthcare organizations to set information security investment priorities, says hospital privacy officer Kari Myrold....
ACH fraud victim Mark Patterson says small businesses like his welcome improved online security measures from banking institutions. But is the new FFIEC Authentication Guidance sufficient? Patterson says no.
Winning senior executive support for information security spending requires "a solid business case of justifications," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center.
Bank of America's Keith Gordon says securing the mobile channel is much like securing any other banking channel: Controlling risks requires layers of security and controls. But educating customers plays a key security function, too.