HIPAA

Ultimate Breach of Patient Privacy: Real-Time Death on Video

August 29, 2012 Added by:Danny Lieberman

As social media becomes part of the continuum of interaction in the physical and virtual worlds, privacy becomes an issue of discretionary disclosure control. Online privacy and patient privacy will evolve into a market for products and services with stratified pricing, packaging and product positioning...

Network Exposure and Healthcare Privacy Breaches

August 20, 2012 Added by:Danny Lieberman

EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...

Can You Use Dropbox for Storing Healthcare Data?

June 11, 2012 Added by:Danny Lieberman

The short answer is that you should not store PHI (protected health information) on Dropbox since they share data with third party applications and service providers - but the real reason you should not use Dropbox for sharing information with patients is simply that it is not private by design...

NIST Workshop: Safeguarding Health Information

May 30, 2012 Added by:Infosec Island Admin

The HIPAA Security Rule sets federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards...

Healthcare Data and the (Private) Social Network

May 09, 2012 Added by:Danny Lieberman

Previously, we talked about the roles that trust, security and privacy play in online healthcare interactions. In this post we look at privacy challenges in social networks and describe how you can implement a private healthcare social network without government regulation...

Healthcare Data: I Trust You to Keep this Private

May 03, 2012 Added by:Danny Lieberman

In this article, Danny Lieberman talks about the roles that trust, security and privacy play in online healthcare interactions. At the end of the article, he introduces the idea of private social networking for healthcare – leaving the piece open for a sequel...

NIST: Technical Guidance for Evaluating Electronic Health Records

April 03, 2012 Added by:Infosec Island Admin

“This guidance can be a useful tool for EHR developers to demonstrate that their systems don’t lead to use errors... It will provide a way for developers and evaluators to objectively assess how easy their EHR systems are to learn and operate, while maximizing efficiency...”

Is a W-2 Considered PHI Under HIPAA?

March 25, 2012 Added by:Rebecca Herold

The question was framed as meaning the entire W-2 form was being “submitted” for financial assistance to pay for healthcare, so with this in mind, we will consider it as one document containing several information items that are necessarily grouped together...

Incident Response: Have You Got a Plan?

February 06, 2012 Added by:Neira Jones

We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...

Healthcare Data Interoperability Pain

January 18, 2012 Added by:Danny Lieberman

Imagine vendor-neutral, standard middleware for EHR applications that would expose data for patients and doctors using an encrypted Atom protocol – very simple, very easy to implement, easy to secure and with very clear privacy boundaries...

Is Healthcare IT Security on Life Support?

January 13, 2012 Added by:Rafal Los

As costs pile up from breaches, innovation suffers. Ask someone who runs a hospital network - the true cost of innovation slow-down can be counted in lives. Maybe I'm being a little dramatic, but I suspect this is closer to reality than we'd like to admit to ourselves...

Do Subpoenas Trump HIPAA or Trample Security of PHI?

January 12, 2012 Added by:Rebecca Herold

I’ve spoken to many business leaders over the years, and most have gotten serious about ensuring safeguards are in place when putting their signatures on attestations and other types of legally binding documents. So, you need to have documented procedures in place...

Standards, Audits, and Certifications: Which One is Right?

January 10, 2012 Added by:Jon Long

Many are confused about when to use ISO 27001 certification, PCI certification, SOC 1 (aka SSAE16), SOC 2 & 3, NIST, and CSA STAR. If the information security community cannot decide which one to standardize on, how can customers be expected to know what to do?

Medical Device Security: Killed by Code

January 04, 2012 Added by:Danny Lieberman

I’ve been talking to our medical device customers about mobile security of implanted devices for over a year now. I think it’s only a question of time before we have a drive by execution of a politician with an ICD (implanted cardiac device)...

Medical Device Security

December 27, 2011 Added by:Danny Lieberman

A threat analysis was performed on a medical device used in intensive care units. The analysis considers the security implications of deploying the devices inside a hospital network. Different stakeholders have different security and compliance concerns and therefore different agendas...

HIPAA Security Rule Toolkit Available from NIST

December 21, 2011 Added by:Headlines

"The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment..."
