Healthcare Information Security Podcast show

Healthcare Information Security Podcast

Summary: Exclusive, insightful audio interviews by our staff with healthcare/security leading practitioners and thought-leaders. Transcripts are also available on our site!

Podcasts:

 Dixie Baker: Four Top HITECH Tips | File Type: audio/mpeg | Duration: Unknown

One of the nation's best-known healthcare data security experts who's advising federal regulators on policy issues offers advice to organizations preparing to comply with the data breach notification requirements of the HITECH Act. In an interview, Dixie Baker of SAIC advises hospitals and others to: Study how the HITECH Act, and the interim final rule on breach notification, precisely define what constitutes a data breach; Consider encrypting more information to protect against breaches; Implement detailed processes for notifying affected individuals and federal regulators about a breach; and Train all staff members about how to avoid a breach, how to recognize one and what to do if one should occur. Baker is senior vice president and chief technology officer for health and life sciences at Science Applications International Corp., a McLean, Va.-based scientific, engineering and technology applications company. The consultant has played a key role in the federal government's efforts to set policies and standards for healthcare data security. She chairs the privacy and security workgroup of the Health Information Technology Standards Committee. She's also a member of the full committee, as well as the privacy and security workgroup of the HIT Policy Committee. These federal advisory bodies make recommendations to the Office of the National Coordinator for Health IT within the U.S. Department of Health and Human Services. The recommendations are used to create standards for electronic health records under the Medicare and Medicaid EHR incentive payment program, as funded under the American Recovery and Reinvestment Act. Baker, who holds a PhD in education research and methodologies from University of Southern California, has been with SAIC since 1995.

 What it Takes to be a Risk Manager - Kenneth Newman, Central Pacific Bank | File Type: audio/mpeg | Duration: Unknown

Risk management today - it's less about pure technology, more about business acumen and pure communication skills. This is the position of Kenneth Newman, VP & Information Security Manager at Central Pacific Bank. In an interview about top risk management trends, Newman discusses: Scope of the risk management job in banking institutions today; Biggest challenges to getting the job done right; Necessary skills for successful risk managers. Newman joined Central Pacific Bank as Vice President & Information Security Manager in February 2009. He oversees the bank's information security program and the protection of its information assets. Prior to joining CPB, Mr. Newman served as First Vice President & Online Risk Manager for Washington Mutual (WaMu) and has managed various global and regional security and risk functions for Deutsche Bank and Citigroup in New York. Central Pacific Bank is the main subsidiary of Central Pacific Financial Corp., a Hawaii-based financial institution with $5.2 billion in assets.

 Cost of a Data Breach - Dr. Larry Ponemon, Ponemon Institute | File Type: audio/mpeg | Duration: Unknown

What's the cost of a data breach? The Ponemon Institute is out with its 5th annual "Cost of a Data Breach" study, and in an exclusive interview Dr. Larry Ponemon discusses: The current cost of a data breach - and how it's risen since 2009; Data breach trends across industry; What organizations should do to respond to or prevent breaches. Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

 Top Trends in Background Screening - Lester Rosen, Employment Screening Resources | File Type: audio/mpeg | Duration: Unknown

Credit reports, social networks and international background checks - these are three of the hottest topics in employment background screening, according to Employment Screening Resources (ESR), a CA-based firm. In an exclusive interview, Lester Rosen, President and CEO of ESR, discusses: The top 10 trends in background screening in 2010; Specific challenges for information security leaders; How to improve your organization's background screening process. Rosen, a retired attorney, founded ESR in 1996. In 2003, that firm was rated as the top screening firm in the US in the first independent study of the industry in a research report prepared by the Intellectual Capital Group, a division of HR.com. He is a consultant, writer and frequent presenter nationwide on pre-employment screening and safe hiring issues. His speaking appearances have included numerous national and statewide conferences. He has qualified and testified in the California, Florida and Arkansas Superior Court as an employment screening expert on issues surrounding safe hiring and due diligence. He is the author of "The Safe Hiring Manual - The Complete Guide to Keeping Criminals, Imposters and Terrorists out of the Workplace." He is also the key presenter in the webinar "Avoid Negligent Hiring - Best Practices and Legal Compliance in Background Checks."

 After 10 Years, a CISO's Role Evolves | File Type: audio/mpeg | Duration: Unknown

In 10 years as a security compliance officer, Christopher Paidhrin has seen his role broaden as data security has become an even higher priority at Southwest Washington Medical Center in Vancouver, Wash. Today, Paidhrin is more involved in policy development. He's also pushing to improve awareness of the policies in every sector of the hospital. "A policy does no good if it sits in a folder and no one reads it," he says. And he now advises area physician group practices on data security issues. In an interview, Paidhrin, who serves as the equivalent of a chief information security officer, singles out his top three priorities for 2010, including: Strengthening data loss prevention capabilities; Aligning IT goals with strategic goals; and Ramping up data security training. He also describes his hospital's annual risk analysis process, which is supplemented by a consultant's audit every three years "to make sure we're not deceiving ourselves."

 Consultant: Hospitals Must Act Now on Security | File Type: audio/mpeg | Duration: Unknown

Faced with the threat of much stiffer penalties for data security violations and ramped-up enforcement at the federal and state levels, many hospitals are just starting to pay serious attention to security, contends consultant Kate Borten. But they must go far beyond investing in new technologies to develop comprehensive security strategies and actually carry them out, she says. In an interview, Borten, president of the Marblehead Group, predicts that civil suits by state attorneys general, like one recently filed in Connecticut, will grab the attention of hospitals and physician groups of all sizes, hopefully triggering action on data security. The HITECH Act gave state attorneys general the power to file civil suits on healthcare data security violations. Patients will be much more likely to file complaints with a state official than they would with a federal agency, she contends, predicting a ramping up of security cases. Among Borten's tips for hospitals playing catch-up on data security are: Hire a data security team, not just a chief information security officer. "One FTE alone isn't enough." Conduct an annual risk analysis and build a data security strategy. Prepare a detailed plan on how to report data security breaches. "It's similar to preparing for a computer system disaster." Encrypt all information transmitted over the Internet or a wireless network as well as data stored on portable devices.
