The U.S. Department Health and Human Services’ Office for Civil Rights (OCR) is responsible for enforcing compliance with HIPAA security and privacy regulations. OCR conducts audits triggered by patient complaints or reported breaches. Healthcare organizations can avoid or pass OCR audits by educating staff, designating a security officer, reviewing policies and procedures, performing security risk analysis, working with vendors, creating a risk management plan, reviewing business associate agreements, and providing regular HIPAA training.
The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.
