The new omnibus rule makes it clear that business associates must comply with HIPAA. And the latest additions to the federal health data breach tally put a spotlight on why some BAs need to improve patient data protection.
"This is a business that should have known better," U.K. Deputy Information Commissioner David Smith says. "There's no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe."
The long overdue final HIPAA omnibus rule has been released. The package includes extensive modifications to the HIPAA privacy, security and enforcement rules as well as an updated version of the HIPAA breach notification rule.
With different nations establishing different privacy standards, organizations face adopting the most stringent regulations in order to be compliant everywhere they operate, says Marc Groman, a director of the International Association of Privacy Professionals.
In recent weeks, the federal tally of major health information breaches has been growing at a relatively slow pace. Is that evidence that healthcare organizations are getting better at preventing breaches?
A breach that resulted in a $1 million HIPAA settlement led Partners Healthcare in Boston to take many significant steps, including merging its privacy and security efforts, says CISO Jennings Aske. More changes are planned for 2013.
The Walgreens drugstore chain will pay $16.6 million to settle a California case involving improper disposal of hazardous waste, as well as certain confidential patient information, in dumpsters near their stores.
From point-of-sale hacks to malware and DDoS attacks, the top cyberthreats of 2012 have been aggressive and strong. Is it time for organizations to adopt a "hack back" strategy against perceived attackers?
McAfee CPO Michelle Dennedy and Intel CISO Malcolm Harkins work for the same company, but in some ways they are worlds apart. How must privacy and security leaders bridge gaps to face challenges ahead?
Gov. Nikki Haley realizes the potential political consequences of a breach, which explains why she held three press conferences on three consecutive days to address her administration's response to a computer breach of the state's tax IT system.