Welcome to the CISO Executive Network!

Please log in using the form to the right.
If you do not having a username and password, please take a moment to fill out our contact form to be considered for registration.

User login

Welcome, Guest

Log In Register

Healthcare Information Security

Feb 25 13:41

Data Beach Notification Law- unable to reply

By: michael.moran

Sorry, I was unable to reply to rnkoster's post, but wanted to.I was curious about encryption/device control in general (not just on smartphones, which we do.)  I'm trying to obtain the budget to implement more encryption/device control, and I'm frequently asked "what are other health care organizations doing?" Full disk on laptops?  desktops?By content on laptops? desktops?Blackberries, Smartphones, iPhones, etc?At rest on servers?Within databases?Backup tapes?Flash drives?Portable drives?

Feb 16 16:20

Data Breach Notification Law

By: rnkoster

The Data Breach Notification Law went into effect on September 23, 2010.  In a nutshell,the new law requires a Covered Entity to notify patients when their information has been breached IF the breach involves unsecured Protected Health Information.Unsecured Protected Health Information is defined by the new law as PHI that has not been rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of technology or methodology speficied by the Secretary of DHHS. 

»
Feb 12 20:06

IFR comments on security and meaningful use of HIT

By: BSCline

A lot of us are preparing questions and making recommendations for submission to DHHS during the IFR comment period, but we seem to be "going it alone" for the most part. I've prepared some questions for CMS as well as comments for our actual IFR submission. Here they are: Questions for CMS: 1. Is the intent to limit the Stage 1 measure to the implementation of technical security updates (controls)?

»