Health information exchange outside HIPAA

The Social Security Administration (SSA) has essentially been the first government adopter of the Nationwide Health Information Network (NHIN), going into production early this year with an information exchange with MedVa to receive medical records in…

Effective security demands effective risk assessment

While most of the public attention focused on the Consensus Audit Guidelines has been fairly positive, two key aspects continue to be overlooked that may work against the intention of the CAG to improve baseline security…

Federal cyber security oversight slowly moving towards automation

While the information required to be submitted for this fall’s information systems security reporting under the Federal Information Security Management Act (FISMA) hasn’t changed significantly, OMB announced in a memorandum last week that FISMA reports will…

Health data breach notification rules published

The Department of Health and Human Services has published an interim final rule in the Federal Register formalizing requirements contained in the HITECH portion of the American Recovery and Reinvestment Act that organizations provide breach…

Initial observations on Revision 3 of SP800-53

NIST last week released the final version of Revision 3 of its Special Publication 800-53, “Recommended Security Controls for Federal Information Systems and Organizations.” This update has a number of really interesting characteristics, beyond the simple…