The US proposes rules to make healthcare data more secure
The US proposes rules to make healthcare data more secure
www.theverge.com
The US proposes rules to make healthcare data more secure
The HIPAA Security Rule is due for an overhaul.
6 comments
-
-
HIPAA is a super vague standard on the tech side. PCI is much more specific and frankly better even though its meant for a different purpose and both were written by different types of entities. It may have changed since I worked with it, but one example I remember is HIPAA standards say to use a firewall. PCI standards say to use a firewall, document rules, review them quarterly with a formal process and separation of duties, and conduct external third party scans to look for vulnerabilities. I'm glad HIPAA is getting an update, but it could really use an overhaul.
-
One can avoid all rules when greedy enough
6 comments
What such a ruling needs are hard punishments for those responsible for data "losses". Those who have unsecured servers, those who use weak passwords, or leave backdoors in their software need to be sanctioned as well as the actual hackers.
Definitely. Once the company reach certain level of annual turnover it must implement A-Z security measures or be fined out of existence would be great. I even go as far as making it personal liability for upper management if they deliberately try to circumvent those requirements.
This needs to be a thing for SO many things across the board, from personal data to ecological damage and unsafe working conditions. Not just upper management, everyone down the chain. If Bob the (qualified)intern did it, Anna the manager checked it and Charlie the CEO approved it, they ALL need to get punished.