Healthcare Information Security Podcast

Unfortunately, says Ken Vander Wal, most organizations have done little to address security in their policies and procedures regarding BYOD, which is changing the ways companies address user behavior and risk.

A lack of ongoing HIPAA compliance training increases the risk of internal breaches, says Terrell Herzig, information security officer at UAB Medicine.

Winning senior executive support for information security spending requires "a solid business case of justifications," says Christopher Paidhrin, security compliance officer at PeaceHealth Southwest Medical Center.

Ramped up HIPAA enforcement is a big reason behind the No. 1 information security priority for the coming year: improving regulatory compliance, says attorney Adam Greene.

Giving back to the community. It's a civic responsibility, says Dan Waddell of Tantus Technologies. But it's also a necessity to help raise cyber awareness. Waddell explains how security pros can give back.

One reason why so many healthcare organizations are not well-prepared to counter security threats is that "key leadership has not bought into the whole process," says Bob Krenek of Experian® Data Breach Resolution.

Penetration tests that demonstrate how an unauthorized user could gain access to patient information can be effective in winning support for a bigger information security budget, says David Kennedy of Diebold, Incorporated.

ISACA has just released a new study about the top vulnerabilities of Web applications. And, according to Sarb Sembhi, the results of this survey just might surprise you.

Accountable Care Organizations that will be formed to coordinate treatment of some Medicare patients must take steps to comply with HIPAA - as well as additional privacy requirements - as they share patient data among participating providers, says security expert Rebecca Herold.

Harry Raduege sees the nascent field of cyber intelligence as a way for governments and businesses to be proactive, and not reactive, to today's sophisticated digital threats.

ID theft expert Joanna Crane wonders whether banks, government agencies and healthcare providers do enough to assist consumers with ID theft recovery, saying consumer expectations are often loftier than what's being done to meet the demand.

Roger Baker, CIO at the Department of Veterans Affairs, outlines the department's mobile device security strategy, providing details on the rollout of iPhones and iPads.

Mike Brown and Amry Junaideen see audits as great tools to promote heftier IT security budgets, substantiating where dollars should be spent to safeguard an organization's information systems and assets.

Winn Schwartau says the BlackBerry disruption this past week (see BlackBerry Disruptions: Where to Start?) hit at the heart of one of the fundamentals of IT security: availability.

When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.

Alastair MacWillson says the lack of harmonization among state, national and international security laws and regulations has proved challenging for global organizations that want to work in the cloud.

Too many organizations overlook regulatory compliance issues when working with cloud computing vendors, says security expert Alastair MacWillson.

Leon Rodriguez, the new director of the Department of Health and Human Services' Office for Civil Rights, describes his HIPAA enforcement agenda.

From the earthquake in Japan to Hurricane Irene in the U.S., organizations worldwide have found their business continuity and disaster plans tested. But what lessons must we draw from these incidents?

Elayne Starkey recently gave up her BlackBerry for an iPhone, and uses the Apple mobile device for personal and work doings, securely connecting to the computer system of her employer, the state of Delaware.