
New HIPAA Omnibus Rule Changes Health IT Security Landscape

Rule means more audits and increased penalties if compliance is not achieved

(PR NewsChannel) / CHICAGO / Healthcare providers are now facing an immediate need to provide security risk assessments and testing to meet compliance requirements with HIPAA. On January 17, 2013, a new omnibus HIPAA privacy and security rule was released, bringing with it more audits and increased penalties if compliance is not achieved. This requirement is the beginning of a new, and very necessary, push towards Health IT security and data protection.

In a series of in-depth research interviews conducted with CIO executives from some of the largest hospitalists in the U.S., one of the top 'worst-case' security scenarios keeping them up at night is how to prepare for a data-at-rest breach caused by loss or theft of a mobile device. Furthermore, fines are no longer restricted to massive data breaches, as HHS confirmed it received a $50,000 settlement from a breach in Idaho stemming from a lost laptop that only involved 441 patients in January 2013. While technology-based vulnerabilities are part of the problem, most executives agree that operational and people-related processes pose the biggest risk of an incident, a problem that can only be solved through better education, training and change management.

"As healthcare organizations rush to adopt new technologies, security often takes a back-burner which causes near and long-term problems in managing risk," said Parham Eftekhari, EVP Research, HealthTech Council. "With penalties in the recent Omnibus up to $1.5 million per violation, it is critical healthcare executives understand how IT deployments create risk, and what they can do to mitigate their exposure."

The other top security challenges facing healthcare executives, in addition to maintaining HIPAA compliance and privacy laws, are: securing data-at-rest, data in the cloud, information sharing, BYOD/mobile device management, providing patients secure access to their health records, operational and process risk management, and employee risk/security awareness and training.

The national HealthTech Council executives providing this research and leading action groups are convening at the invitation-only HealthTech Meeting April 21-23 in Chicago to collaborate with some of the industry's leading solution providers to discuss these new policies and solutions for the future. Due to the recent events, HealthTech is urging security companies and other technology providers in Health IT Security to get involved because of the immediate demand for these solutions.

The HealthTech Council is reviewing industry experts to lead roundtable strategy sessions at the upcoming HealthTech Council Meeting in April, including: "The Mobile Revolution: Remote Care without Compromising Security and Quality"; "Operational Risk Management: People, Process, Technology"; "Help, My Data Has Been Breached!: Insights on Threat Prevention, Detection, Response"; "People and Culture: Healthcare Transformation's Biggest Challenge"; and "Future Legal & Compliance Considerations that Will Impact You." These sessions will allow healthcare professionals and solution providers to discuss best practices and lessons learned based on the most important topics affecting the Health IT Security ecosystem.

About HealthTech: The HealthTech Council provides executive-level collaboration, information sharing and education on the strategic and operational impact of information technology on the healthcare industry. As a research based organization, HealthTech is focused on cutting-edge issues including Informatics, Risk Management, Interoperability, mHealth, Security/Privacy, Cloud Computing, Information Sharing, Compliance, Telemedicine and IT's role in supporting ACOs, Population Management and pay-for-performance. Through its semi-annual HealthTech Council Meeting, Action Committees, publications and workshops, HealthTech provides unique peer-to-peer forums for executive-level sharing of best practices and lessons learned resulting in actionable strategic plans and industry-wide solutions. HealthTech views IT as a strategic business asset, not a cost-center, resulting in content designed for both IT (CIO, CMIO) and non-IT (CMO, COO, CFO, Director/VP) executives from hospitals, health care providers, industry, academia and government. www.HealthTechCouncil.org


Kirby Watkins

PR Contact

HealthTech Council

202.815.7406 Mobile

202.351.0569 Fax
