December 27, 2011 Added by:Danny Lieberman
A threat analysis was performed on a medical device used in intensive care units. The analysis considers the security implications of deploying the devices inside a hospital network. Different stakeholders have different security and compliance concerns and therefore different agendas...
December 21, 2011 Added by:Headlines
"The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment..."
December 14, 2011 Added by:Christopher Burgess
Have we now arrived at the point in obtaining medical care that in addition to looking into the medical practitioner's experience and confirming they are compliant with HIPAA, that we now must review their data handling policies before choosing a health care provider?
December 02, 2011 Added by:Ed Moyle
The barometer that the Ponemon study uses (i.e. breach disclosures, breach impact) could actually be an indicator of better security instead of worse. It could be the case that breaches are on the rise because we're finding them more because not looking for them so violates federal law...
November 30, 2011 Added by:Headlines
A new tool, developed by the NIST is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved...
October 31, 2011 Added by:Headlines
"You're not meant to be able to grab serial numbers out of the air. This tool I developed should be able to scan the frequency for these pumps, retrieve the pump ID, and with that pump I can then dispense insulin, suspend the pump, resume it and that type of thing..."
October 30, 2011 Added by:Christine Arevalo
Taking a PHI inventory, establishing an Incident Response Plan, meeting patients' real needs, and looking for the positive aspects of a data breach can all reflect your culture of commitment and caring. And that's the best practice of all...
September 14, 2011 Added by:Emmett Jorgensen
Despite both HIPAA and the HiTECH Act, healthcare data breaches have been popping up regularly. A recent study found over 70% of hospitals had data breaches last year. This has generated concern over Healthcare’s adoption of security procedures and the overall effectiveness of HIPAA...
July 28, 2011 Added by:Danny Lieberman
Developing for embedded Linux is not copy and paste from Windows. It requires expertise to setup the basic infrastructure. But, once that infrastructure is up, the medical device developer and it’s hospital customer can be confident that they are standing on a secure platform...
July 24, 2011 Added by:Jack Anderson
"An important component of preparing for a potential HIPAA compliance audit is to complete a walk-through to make sure privacy and security policies and procedures are practical and effective..."
July 21, 2011 Added by:Christopher Burgess
When the first five months provides a rate of one million records a month in lost patient data, by year’s end five percent of the US population will have had their medical records compromised. We have no choice but to take action now and keep the second half of 2011 from replicating the first...
July 12, 2011 Added by:Danny Lieberman
Vendors that use Windows for less critical devices are actually increasing the threat surface for a hospital since any Windows host can be a carrier of malware, regardless of it’s primary mission function, be it user-friend UI at a nursing station or intensive care monitor at the bedside...
July 10, 2011 Added by:Rebecca Herold
“Covered entities need to realize that HIPAA privacy protections are real and OCR vigorously enforces those protections. Entities will be held accountable for employees who access protected health information to satisfy their own personal curiosity..."
July 06, 2011 Added by:Konrad Fellmann
Basically, if electronic PHI data is encrypted, purged, or physically destroyed before it is inadvertently disclosed, then it doesn’t count as a breach. If the information is protected in a way that it can’t be obtained by an unauthorized individual then you’re safe...
June 24, 2011 Added by:Danny Lieberman
The combination of large numbers of software vulnerabilities, user lock in created by integrating applications with Windows, complexity of Microsoft products and their code and Microsoft predatory trade practices are diametrically different than Linux and the FOSS movement...
June 16, 2011 Added by:Jack Anderson
We have scheduled two new free webinars on HIPAA HITECH for Smarties. These webinars feature a presentation by Rebecca Herold,CIPP, CISSP, CISA, CISM, FLMI, recently voted the 3rd best privacy advisor in the world, in competition with large law firms and consulting practices...
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015