Federal regulators have launched a Web portal that provides HIPAA compliance advice for application developers, especially those developing mobile health apps. Some privacy and security experts it's an overdue step in the right direction for companies that need more guidance.
Privacy and security challenges are among the key obstacles to achieving electronic health records interoperability and nationwide secure exchange of health information, according to a new report. But a federal official tells a Senate committee efforts are underway to overcome the challenges.
The HHS Office for Civil Rights should take 10 steps to strengthen its oversight of HIPAA Privacy Rule compliance as well as improve followup activities on reported data breaches, a government watchdog agency concludes in two new reports.
It's been two years since enforcement of the HIPAA Omnibus Rule's modified breach notification requirements began. But the most significant changes in the federal tally of major health data breaches since then appear to have more to do with a surge in hacker activity than the new requirements under HIPAA Omnibus.
Federal regulators have issued a final version of a strategic health IT plan for 2015 to 2020 designed to help guide government activities. But some experts say the plan is thin on privacy and security measures, such as the need to update HIPAA to address evolving cyber threats.
Adjusting risk management strategies in the aftermath of the newly discovered hacker attack on Excellus BlueCross BlueShield, as well as other recent massive cyber-attacks, will be among the hot topics discussed at the Healthcare Information Security Summit in San Francisco on Sept. 17.
Security experts trace many of the world's cybercrime attacks to Russia. But Russian authorities never extradite suspects, and they allow hackers to operate with impunity - if they play by some ground rules.
If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
In her first interview since joining the HHS Office for Civil Rights as deputy director of health information privacy, Deven McGraw describes plans to relaunch HIPAA compliance audits next year and outlines other priorities.
The HHS Office for Civil Rights is getting closer to resuming the HIPAA compliance audit program, says OCR Director Jocelyn Samuels. Plus, OCR has completed another major breach-related settlement, and it's firming up plans for several new compliance-related initiatives.
A controversy over the University of Oregon's handling of a student's mental health records is building momentum for reforms in a regulation that allows schools to use, and in some cases disclose, certain education records of students without their consent.
What do federal regulators have to say about the current state of health data security and privacy? And what are the top priorities of the new federal point person for HIPAA enforcement? Find out by following our coverage of an HHS/NIST security conference this week.
Did Massachusetts' first registered medical marijuana dispensary break federal or state privacy regulations by accidentally sharing patients' email addresses? Experts explain that ... well, the answer is a little hazy.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.