RiskIT Logo

Issue 45                                             Friday, October 14, 2011 

 

Avoid Becoming a Security Statistic

 

Avoid Becoming a Security Statistic - Prioritize PCI Goals and Know Your Threats

 

Over the last few months, the Prioritized Approach for PCI DSS Version 2.0 and the Verizon 2011 Data Breach Investigations Report were released for our reading pleasure.

 

I took a look at the correlation between actual breach statistics within Verizon's report and the prioritized guidance for complying with PCI DSS requirements and found that it's spot on.

 


HITECH Tips: Using EHR Security Functions for Protecting Patient Information

 

In 2011, hospitals and physicians can apply for HITECH Act incentive payments for using certified electronic health records software.

 

To be certified as qualifying for the Medicare and Medicaid incentive program, EHR software must have numerous security capabilities that, until now, have often been missing from clinical information systems.

 

  


 

 

Class Action Suit Seeks $4.9 Billion in Damages from TRICARE Data Theft

 

An Air Force veteran of the first Iraq war and a military spouse and her two children have hit the Defense Department with a class action lawsuit seeking $4.9 billion in damages from the theft of a computer tape containing personal and sensitive health information from the car of an employee of Science Applications International Corp., a contractor with the TRICARE Health Management Activity. The company was not named as a defendant in the action.

 

  


    

Medical Research and 'Trust Issues'

 

Panel Spells Out When Privacy Measures Are Needed

A federal advisory group is advising regulators to apply a narrow definition of "research" when updating the Common Rule to protect the privacy of patients involved in medical research projects.

The Health IT Policy Committee says that when a provider organization uses data from electronic health records to evaluate the safety, quality and effectiveness of prevention and treatment activities, that amounts to using it for "operations" and not "research".


 

When is "Secure File Transfer" Not Secure?
  

The temptation to use "secure" file transfer utilities persists because they are cheap or free to acquire.

 

However, enterprises that scatter these point solutions throughout their infrastructure quickly discover that the old adage about "spending cheaply to pay dearly" applies here.

 

  


 

 
RiskIT is an email publication provided by Eminere Group.

 
