What are the top challenges in complying with the HIPAA Omnibus Rule? What steps are healthcare organizations taking to prevent breaches? And what are the top data security priorities for the year ahead?
For answers to these questions and many more, check out the Healthcare Information Security Today webinar. Howard Anderson, news editor at Information Security Media Group, presents an overview of the survey's top findings, then leads an expert panel in a discussion of key topics. The sponsor of the survey is (ISC)Â².
The panelists include: Michael Bruemmer, vice president of Experian Data Breach Resolution; Bob Chaput, CEO at Clearwater Compliance; and Brian Evans, a principal security and privacy consultant at Tom Walsh Consulting. They'll address critical issues, including:
What's the best approach to revamping breach notification strategies in light of the HIPAA Omnibus Rule?
Which security technologies will prove to be most critical in helping healthcare organizations safeguard information in 2014?
How can CISOs build support among executives and board members for investments in information security?
Healthcare organizations face the ongoing challenge of ensuring patient information is adequately protected. And as federal regulators step up enforcement of privacy and security requirements under the new HIPAA Omnibus Rule, there's a growing sense of urgency. But what are the key action items for 2014?
In an overview of the Healthcare Information Security Today survey results, Howard Anderson, news editor at Information Security Media Group, covers a broad range of issues:
HIPAA Omnibus Rule Compliance
Enforcement of the rule began last September. But healthcare organizations are still dealing with several key compliance challenges, including training their workforces and revising business associate agreements.
Top Security Priorities and Investments
Top priorities for 2014 include improving regulatory compliance, boosting staff members' security awareness and preventing and detecting breaches. Top planned investments are an audit tool or log management system, e-mail encryption and a mobile device management system.
Perceived Security Threats
Mistakes by staff, the growing use of mobile devices and business associates with inadequate security are far bigger perceived security threats to healthcare entities than hackers. This makes sense, given that a majority of major breaches have involved lost or stolen unencrypted devices.
Breach Prevention Efforts
Top breach prevention strategies include stepping up training on privacy and security issues and implementing an audit tool to enhance detection of unauthorized access.
Despite all the news about breaches involving lost or stolen mobile devices, only 44 percent of respondents have applied encryption to these devices. And only about a third say encrypting mobile devices is a top priority for this year. The survey also reveals other encryption trends.
Following the survey overview, Anderson convenes a discussion of the findings with a panel of experts.
Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
Vice President, Experian Data Breach Resolution
Michael Bruemmer is Vice President, ExperianÂ® Data Breach Resolution at Experian Consumer Services, the leading provider of online consumer credit reports, credit scores, credit monitoring, other credit-related information, and protection products. With more than 25 years in the industry, Michael brings a wealth of knowledge related to business operations and development in the identity theft and fraud resolution space where he has educated businesses of all sizes and sectors through pre-breach and breach response planning and delivery, including notification, call center and identity protection services.
CEO and Founder, Clearwater Compliance, LLC
Bob Chaput is CEO and Founder of Clearwater Compliance, LLC, a market leader helping Covered Entities and Business Associates meet stringent HIPAA-HITECH Privacy, Security and Breach Notification Rule requirements under HIPAA, generally, and as specified in Meaningful Use core objectives. Bob brings 20 years of experience spanning the highly security and privacy regulated healthcare industry at companies like Johnson & Johnson and Healthways. He speaks and writes extensively on HIPAA and HITECH privacy, security and breach notification matters and is a recognized HIPAA-HITECH compliance expert. He holds undergraduate and graduate degrees in mathematics and numerous technical certifications; he is a certified Healthcare Information Security and Privacy Practitioner (HCISPP), a Certified Information Systems Security Professional (CISSP), and Certified Information Privacy Professional (CIPP/US).
Principal Consultant, Tom Walsh Consulting
Evans is a principal security and privacy consultant at Tom Walsh Consulting. Previously, he was information security officer at The Ohio State University Health System, Atlantic Health, Fletcher Allen Healthcare, New York Hospital Queens and University of Alabama Birmingham Health System. He also led the incident response and computer forensic investigations teams for Nationwide Insurance and was vice president of IT risk management at KeyBank and JPMorgan Chase. Evans started his career as a medic in the U.S. Air Force.