"Consumer notification is often hampered by the fact that companies must first determine their obligations under 47 different state regimes," says Rep. Mary Bono Mack, R-Calif., the subcommittee's chair and bill's sponsor.
NIST's Ron Ross points out that its seminal security control guidance, Special Publication 800-53, contains only one privacy control, requiring agencies to conduct a privacy impact assessment. That will change by year's end.
A new consumer survey suggests healthcare organizations still have a long way to go in educating patients about the benefits of electronic health records and easing their concerns about security issues.
The Department of Veterans Affairs is offering a $50,000 prize to a developer who successfully demonstrates the expansion of the use of the "Blue Button" application to enable veterans to download their patient information from providers outside the VA.
The Department of Health and Human Services has published a proposed rule that describes privacy, security and many other standards for web-based state insurance exchanges called for under the healthcare reform law.
More organizations that run health information exchanges are offering patients the opportunity to provide more specific levels of consent for the exchange of their records, a new survey by the advocacy group eHealth Initiative shows.
Nearly three months after revelation of a year-long information security breach that exposed personal information of some 3.5 million people at the Texas state comptroller's office, the comptroller has named a new chief information security officer and chief privacy officer.
We all know the cost of regulatory compliance - how expensive it can be to meet the standards of HIPAA, HITECH and other industry guidelines. But two organizations this week learned hard lessons about the cost of non-compliance.