Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
A recent study led by the Regenstrief Institute raises interesting questions about patient health data: who controls it, who sees it in the electronic health record and how it should be shared across the care continuum.
December 22, 2014
News
A critical access hospital in southern Illinois was targeted by an unknown party with access to protected health information, who threatened to release more data unless a "substantial" ransom payment was made.
December 19, 2014
News
Perhaps CD-ROMs are not the best storage media when it comes to safeguarding the health information of your patients -- especially when one of your staff members accidentally donates them to a children's art project, as what recently happened at a Virginia-based health system.
December 18, 2014
News
Sony Pictures last week notified employees that their medical data and Social Security numbers were swiped in a cyberattack, a breach that has prompted privacy advocates to reaffirm the need to implement further data safeguards.
December 16, 2014
News
In the second biggest HIPAA breach ever reported, one of the nation's largest healthcare systems has notified some 4.5 million of its patients that their personal information has been snatched by cybercriminals.
December 12, 2014
News
To those shirking their HIPAA privacy and security duties: get ready to pay up. That's the message the Department of Health and Human Services is sending after it set records this May for imposing the largest HIPAA monetary fine to date on two entities found to be seriously lacking in the security arena.
December 12, 2014
News
The risk of experiencing a data breach "is higher than ever," according to Experian's second annual industry forecast, which shows how the "consistently high value of healthcare data on the black market" means there will be little respite for an industry already beleaguered by cyber threats.
December 12, 2014
News
Having established a level of trust and familiarity with electronic health records over the past few years, increasing numbers of U.S. patients are looking for more advanced features, such as access to doctors' notes and test results, according to a new survey from the National Partnership for Women & Families.
December 11, 2014
News
Despite what seems to be some sustainable momentum beyond the initial rush of excitement, worries remain about Apple's HealthKit platform -- with security concerns and its potential to flood doctors with unnecessary data topping the list. Could the latest big thing eventually go the way of Google Health?
December 10, 2014
News
Despite what seems to be some sustainable momentum beyond the initial rush of excitement, worries remain about Apple's HealthKit platform -- with security concerns and its potential to flood doctors with unnecessary data topping the list. Could the latest big thing eventually go the way of Google Health?
December 10, 2014
News
A five-facility mental health organization in Alaska has agreed to pay up and shape up its HIPAA compliance program after a Department of Health and Human Services investigation found the group failed to appropriately safeguard patient data.
December 9, 2014
News
If you think you're able to dodge a data breach without putting in the work, think again. This year, organizations have reported more data breaches than the year prior, seeing on average a 10 percent jump in breach frequency. So what are they doing to improve these numbers? A new study says: not enough.
December 5, 2014
News
Analytically useful anonymized data maintains referential integrity, so that relationships between data elements can be teased out of a patient’s medical information. This is needed for many forms of advanced analytics—such as evidence-based medicine, predicting resource demands, or estimating patient health-risk factors.
July 10, 2014
Resource
sites/default/files/resource-media/pdf/white_paper_the_analytic_utility_of_anonymized_data.pdf
Protect
To extract or maximize the value contained in databases, data custodians must often provide outside organizations access to their data. In order to protect the privacy of the individuals whose data is being disclosed, a data custodian must “de-identify” information before releasing it to a third-party. De-identification ensures that data cannot be matched to the person it describes. What might seem like a simple matter of masking a person’s direct identifiers (name, address), the problem of de-identification has proven more difficult and is an active area of scientific research.
July 10, 2014
Resource
sites/default/files/resource-media/pdf/de-identification_101_final.pdf
Protect
Healthcare organizations are burdened with a deluge of data and it’s only getting worse over time. Whether it’s provider-generated observational data coming through EHRs, medical imaging and telemetry data, or patient-generated consumer device and genetic data, the traditional methods for managing health information do not scale. Given the enormous and ever-increasing value of healthcare data, new approaches to enterprise ILM are essential. And, with scarce resources limiting your ability to “do it yourself” you’ll need the right partners that understand and implement these new approaches.
October 21, 2013
Resource
sites/default/files/resource-media/pdf/strategies_for_healthcare_information_lifecycle_management.pdf
Protect
Healthcare workers are not immune to the BYOD trend. More & more healthcare facilities are allowing their clinicians the use of smart phones, tablets & other mobile devices to access applications and enable them to deliver care wherever & whenever needed. The use of these mobile devices also presents a huge risk to patient information. Read on to learn how Intel© Anti-theft technology can help keep your patient information safe.
July 2, 2013
Resource
sites/default/files/resource-media/pdf/securing-mobile-devices-in-healthcare-solution-brief1.pdf
Protect
In January 2012, Healthcare IT News conducted a survey to identify drivers and challenges for developing and deploying a solution for centralized digital document delivery that complies with healthcare industry regulations. Read this report to learn the key findings from the survey investigating trends in the adoption of digital document management systems by healthcare institutions since the rollout of the <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">HITECH</a> Act’s financial incentive programs.
September 2, 2012
Resource
sites/default/files/resource-media/pdf/opentext_white_paper_final.pdf
Protect
This whitepaper looks at the five ways doctors and their hospitals can benefit from the ability to achieve instant communications routed per physicians’ preferences. With the improved ability for doctors to coordinate care through well-routed communication requests, patient care gets a boost, staff satisfaction goes up, and the healthcare system can achieve overall greater efficiency.
June 1, 2012
Resource
sites/default/files/resource-media/pdf/amcom_5-ways-doctors-instant-communications.pdf
Protect
Learn how an effective cloud-computing risk-management program reduces overall risk, prioritizes resource utilization and provides healthcare organizations with a long-term strategy. Download now for a manageable process and checklist that can be used by enterprise security, compliance and IT as a framework for crafting a successful cloud computing security plan.
December 5, 2014
Resource
Protect
In this webinar, you will learn how to minimize security risk and regulatory exposure for your organization while successfully deploying Patient Portals and other web-based healthcare applications.
December 1, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/securing-patient-portals-what-you-need-know-comply-hipaa-and-meaningful-use-0?affiliatedata=HITNwebsite
Karen Finley and Dave Len will explain how Duke University Health System has continued to refine its use of access management to improve clinical efficiency and security in light of evolving business needs.
November 26, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/how-duke-university-health-system-adapted-its-single-sign-and-context-managemen?affiliatedata=HITNwebsite
At this session, you’ll see first-hand how you can use technology to enable better care team coordination and communication, how you can share information, including patient data, securely, and how you can easily use the data that you have to help make more informed and faster decisions.
November 18, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/technology-immersion-enabling-better-care-team-collaboration-and-communication?affiliatedata=hitnwebsite
Next Gen Firewalls offer a host of great security capabilities and new services are constantly being added to the mix. Get a review of how NGFWs are evaluated for performance and security effectiveness with an overview of the recent NSS Labs NGFW annual test results. Learn how you can keep adding more layers of protection easily, continually combat the constantly increasing threat landscape and measure security effectiveness against throughout performance.
November 11, 2014
Resource
Protect
https://www.youtube.com/watch?v=uQSYEgD-_Iw
Healthcare providers are migrating from large, independent stand alone organizations into complex new ecosystems. Health Information Exchanges (HIEs) are evolving and more affordable transfer of clinical information and other of data. Healthcare security as we know it is changing quickly! This white paper discusses Fortinet's secure health architecture and how to achieve end-to-end security for a highly secure healthcare organization.
November 11, 2014
Resource
sites/default/files/resource-media/pdf/secure_next_generation_healthcare_wp-final_51914.pdf
Protect
In reading an account of the recent attack on Community Health Systems, I was struck by the notion put across in the article that all we have to do is work harder to patch vulnerabilities, that with a better defense we can win the game against a skilled quarterback.
August 25, 2014
Blog
The consumerization of IT and the bring-your-own-device movement in the workplace has proven to be extremely beneficial for the healthcare industry, allowing providers to access patient data, billing information, clinical trial data and employee information on the go. However, this comes with a price.
August 12, 2014
Blog
Technology poses a constant dilemma. On one hand, it makes our lives easier and, in many cases, more efficient. However, it also leaves those who don’t understand or respect data security vulnerable to thieves, and the healthcare industry is a place where this reality rings especially true.
July 31, 2014
Blog
When it comes to leveraging the cloud for healthcare IT, I see two prevailing dynamics over and over. The first is that most organizations understand the benefits of the cloud very well. But when it comes to enjoying those benefits by partnering with the right provider, these same organizations are frequently lost.
June 24, 2014
Blog
The beauty of our technological world lies in the simple fact that as a technology is used by more people, it inevitably improves. Enterprise content management is no different.
May 29, 2014
Blog
HHS has released a new security risk assessment tool to help providers, and perhaps business partners, uncover potential weaknesses in their security policies, processes and systems.
May 19, 2014
Blog
What the healthcare industry needs to know about preventing security risk.
May 7, 2014
Blog
As I survey the landscape in 2014, I see much more sophisticated attacks at the same time there is much more severe regulatory enforcement. Where would I put my security dollars this year?
April 30, 2014
Blog
As technology continues to evolve, it can be difficult to resist getting caught by the "gee whiz" factor as we project what the future of healthcare could look like. But a new study may reveal the kind of challenges that lie ahead.
April 29, 2014
Blog
The Heartbleed web security exploit was first publicized several weeks ago. Fred Trotter notes in the MIT Technology Review that other similarly worrisome exploits do not get our attention in the same way, and that more health data leaks are likely in our future.
April 29, 2014
Blog
There are innumerable clinical, financial and compliance issues to be concerned about in this watershed era for the American healthcare system. However, do not forget about HIPAA.
April 17, 2014
Blog
As we discussed in Part I of this series, encryption plays a vital role in healthcare IT security, but not everyone understands the ins and outs. Today we're going to focus on the other more critical components of encryption.
March 28, 2014
Blog
The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body, in partnership with the Workgroup for Electronic Data Interchange (WEDI), today announced the formation of the new Practice Management System Accreditation Program (PMSAP).
July 15, 2014
Press Release
Numera, providing customizable solutions for companies interested in improving their offerings for healthy aging, chronic condition management, and post-acute careannounced its collaboration with ResMed on its patient engagement platform called SleepSeeker, a free online tool to improve patient compliance with therapy for sleep-disordered breathing.
June 18, 2013
Press Release
Cognosante, a provider of IT services for healthcare organizations, announced it was awarded a contract from Orion Health to provide integration and identity management for the first phase of the Massachusetts Statewide Health Information Exchange (HIE) program.
October 2, 2012
Press Release
Aetna and Hunterdon HealthCare Partners have announced a new accountable care agreement that will improve the quality and cost of patient care, helping members and plan sponsors save money.
July 19, 2012
Press Release
Vormetric, Inc., the leader in enterprise systems encryption and key management, today announced the results from an independent research report conducted by the Ponemon Institute on how organizations manage data security risks in cloud computing environments. The survey of 1,000 IT security practitioners and enterprise compliance officers revealed that less than half of all respondents believe their organizations have adequate technologies to secure their cloud infrastructures. Meanwhile, the two groups sharply disagreed on whether the cloud is as secure as on-premise datacenters, who is responsible for cloud data security, and what security measures should be used.
November 1, 2011
Press Release
Harris Corporation, an international communications and information technology company, in partnership with the Florida Agency for Health Care Administration (AHCA), has launched a secure email service that enables health care providers to exchange health information electronically with other providers.
August 31, 2011
Press Release
When a baby requires care in the Neonatal Intensive Care Unit (NICU), it is a stressful time for the entire family. St. Jude Medical Center, part of the St. Joseph Health System, has made it a little easier. For parents with babies in the St. Jude NICU, no matter where they are, no matter if it is 2 a.m. or 2 p.m.-their infant is now as close as a computer or mobile device.
July 7, 2011
Press Release
Seven community health centers and federally qualified health centers in central Indiana are now part of the Indiana Health Information Exchange's (IHIE) quality initiative, called the Quality Health First Program. Open Door Health Services, based in Muncie, is the latest participant the program.
June 21, 2011
Press Release
To help health care organizations and their business partners address evolving federal requirements for health data security and privacy, Verizon is enhancing two of its security programs.
June 2, 2011
Press Release
Health Level Seven® International (HL7), the global authority for interoperability and standards in healthcare information technology with members in 55 countries, today announced the appointment of Doug Fridsma, MD, PhD, director of the Office of Interoperability and Standards, Office of the National Coordinator for Health Information Technology (ONC), to the HL7 Board of Directors.
May 31, 2011
Press Release
CareTech Solutions, an information technology and Web products and services provider for more than 180 U.S. hospitals and health systems, announced today that St. Luke's Hospital & Health Network (SLHHN) in Bethlehem, PA. selected the company to provide remote 24/7/365 IT infrastructure monitoring from CareTech's Healthcare Infrastructure Operations Center (HIOC), a technology hub for the storing and monitoring of data, systems and applications located in Troy, Mich.
May 31, 2011
Press Release
The Health Information Trust Alliance (HITRUST) announced today a new component of the CSF Assurance program targeted at healthcare organizations with annual revenue less than $25 million. The new security assessment approach addresses the wide-scale inaccuracies found in assessments conducted by smaller organizations and extends the reach and value of the CSF Assurance program, the most widely used approach for documenting risk assessment information in the healthcare industry. The HITRUST CSF Assessment for Small Organizations is a practical and effective solution for organizations wanting to perform accurate assessments of their information security environment and address the requirements of meaningful use.
May 26, 2011
Press Release