Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
The Healthcare IT News/HIMSS Media Privacy & Security Forum in Boston featured 47 speakers who shared info and strategized over how to combat cybercrime and other pressing challenges to patient data. Here are four takeaways from the event.
September 17, 2014
News
Texas Health is hardly the only hospital or health network that struggles to convince the CEO, CFO or other board members just how critical funding security initiatives and technologies really is, but it did use a unique approach to get their attention.
September 17, 2014
News
A Huntsville, Ala., clinical diagnostics laboratory has notified more than 7,000 individuals of a HIPAA breach after the company discovered protected health information contained on a third-party server had been unsecured for nearly three years.
September 11, 2014
News
With the war already underway, how can hospitals and networks prepare? Chief information security officers share insights about shifting toward more sophisticated information security tactics.
September 11, 2014
News
When the Office for Civil Rights knocks on your door, asking about HIPAA compliance, it pays to be ready. And OCR is looking to audit providers ranging from large to small, and across a wide geographical distribution.
September 10, 2014
News
The fear of breaches, subsequent fines and reputation loss are among the reasons why some healthcare technology leaders have been hesitant to embrace cloud-based technology writ large. They need not fear, but should be informed.
September 8, 2014
News
Apple is expected to launch HealthKit on Tuesday along with a new iPhone and a much anticipated wearable device, called iWatch. But while the company is working hard to show that privacy rules for its new health platform offer adequate protections, recent high-profile security breaches call its efforts into question.
September 8, 2014
News
HealthCare.gov, the government's insurance enrollment website, was breached in July by a hacker or hackers, according to CMS officials at a briefing on Thursday. The officials said that while the intruders uploaded malware, they took no personal information.
September 5, 2014
News
The 47th and final speaker to join the HIMSS Media and Healthcare IT News Privacy & Security Forum in Boston Sept. 8-9 has quite a tale to tell. Boston Children's Hospital Senior Vice President and CIO Daniel Nigrin, MD, confirmed Sept. 2 that he will speak at the forum.
September 3, 2014
News
Our monthly "Benchmarks" report finds encouraging news on many healthcare privacy fronts. But some recent high-profile breaches show that security threats are getting harder to defend against each day. That means constant vigilance is a must.
September 2, 2014
News
Two large health insurers are hoping a new "public utility" patient data sharing service will improve one of the most pernicious problems in American healthcare.
August 29, 2014
News
Healthcare privacy and security experts from around the U.S. will gather in Boston, Sept. 8-9 to share information and strategize over how to combat cybercrime, insider threats and other pressing challenges to patient data.
August 28, 2014
News
Analytically useful anonymized data maintains referential integrity, so that relationships between data elements can be teased out of a patient’s medical information. This is needed for many forms of advanced analytics—such as evidence-based medicine, predicting resource demands, or estimating patient health-risk factors.
July 10, 2014
Resource
sites/default/files/resource-media/pdf/white_paper_the_analytic_utility_of_anonymized_data.pdf
Protect
To extract or maximize the value contained in databases, data custodians must often provide outside organizations access to their data. In order to protect the privacy of the individuals whose data is being disclosed, a data custodian must “de-identify” information before releasing it to a third-party. De-identification ensures that data cannot be matched to the person it describes. What might seem like a simple matter of masking a person’s direct identifiers (name, address), the problem of de-identification has proven more difficult and is an active area of scientific research.
July 10, 2014
Resource
sites/default/files/resource-media/pdf/de-identification_101_final.pdf
Protect
Healthcare organizations are burdened with a deluge of data and it’s only getting worse over time. Whether it’s provider-generated observational data coming through EHRs, medical imaging and telemetry data, or patient-generated consumer device and genetic data, the traditional methods for managing health information do not scale. Given the enormous and ever-increasing value of healthcare data, new approaches to enterprise ILM are essential. And, with scarce resources limiting your ability to “do it yourself” you’ll need the right partners that understand and implement these new approaches.
October 21, 2013
Resource
sites/default/files/resource-media/pdf/strategies_for_healthcare_information_lifecycle_management.pdf
Protect
Healthcare workers are not immune to the BYOD trend. More & more healthcare facilities are allowing their clinicians the use of smart phones, tablets & other mobile devices to access applications and enable them to deliver care wherever & whenever needed. The use of these mobile devices also presents a huge risk to patient information. Read on to learn how Intel© Anti-theft technology can help keep your patient information safe.
July 2, 2013
Resource
sites/default/files/resource-media/pdf/securing-mobile-devices-in-healthcare-solution-brief1.pdf
Protect
In January 2012, Healthcare IT News conducted a survey to identify drivers and challenges for developing and deploying a solution for centralized digital document delivery that complies with healthcare industry regulations. Read this report to learn the key findings from the survey investigating trends in the adoption of digital document management systems by healthcare institutions since the rollout of the <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">HITECH</a> Act’s financial incentive programs.
September 2, 2012
Resource
sites/default/files/resource-media/pdf/opentext_white_paper_final.pdf
Protect
This whitepaper looks at the five ways doctors and their hospitals can benefit from the ability to achieve instant communications routed per physicians’ preferences. With the improved ability for doctors to coordinate care through well-routed communication requests, patient care gets a boost, staff satisfaction goes up, and the healthcare system can achieve overall greater efficiency.
June 1, 2012
Resource
sites/default/files/resource-media/pdf/amcom_5-ways-doctors-instant-communications.pdf
Protect
To demonstrate meaningful use of electronic health records (EHR), as required by the HITECH Act, hospitals must fulfill the seemingly contradictory mandates to increase the sharing of patients' protected health information while also keeping it secure. Notable Solutions adds a layer of security and control to paper-based and electronic processes, enabling HIPAA-compliant secure exchange of PHI. Download this white paper to learn how this advanced capture and output platform helps hospitals to reduce error, automatically mitigate the risk of noncompliance and avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
September 8, 2014
Resource
sites/default/files/resource-media/pdf/secure-exchange.pdf
Protect
Eighty one percent of healthcare organizations use smart devices to collect, store or transmit some form of PHI and 49 percent do nothing to protect them. In fact, theft or loss of portable and unencrypted devices is the leading source of reported HIPAA data breaches and fines.
September 8, 2014
Resource
sites/default/files/resource-media/pdf/point-of-care.pdf
Protect
Every time a document or form is copied, scanned, printed, faxed or emailed -a patient's protected health information (PHI) can be accidentally exposed or intentionally compromised. Notable Solutions adds a layer of security and control to electronic and paper-based patient admissions and discharge processes. Download this white paper to learn how Notable Solutions is helping hospitals to minimize the manual work and decisions that invite human error, automatically mitigate the risk of non-compliance, and avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
September 8, 2014
Resource
sites/default/files/resource-media/pdf/securing-information.pdf
Protect
Learn how to build a risk-stratified response plan to secure medical data whenever a visual privacy incident is reported to limit potential harm to patients and the organization.
August 21, 2014
Resource
sites/default/files/resource-media/pdf/3msdp2301_h4_hc_privacybreach_081314.pdf
Protect
Identify the risks, review healthcare compliance issues, and consider recommended solutions to help protect medical data on mobile devices.
August 21, 2014
Resource
sites/default/files/resource-media/pdf/3msdp2301_h2_hc_compliancerisks_081314.pdf
Protect
Establish security controls to examine how healthcare officials can better address low-tech vulnerabilities like human error and a lack of visual privacy, that can help companies remain compliant with HIPAA regulation.
August 21, 2014
Resource
sites/default/files/resource-media/pdf/3msdp2301_h1_hc_privacyconcerns_081314.pdf
Protect
In reading an account of the recent attack on Community Health Systems, I was struck by the notion put across in the article that all we have to do is work harder to patch vulnerabilities, that with a better defense we can win the game against a skilled quarterback.
August 25, 2014
Blog
The consumerization of IT and the bring-your-own-device movement in the workplace has proven to be extremely beneficial for the healthcare industry, allowing providers to access patient data, billing information, clinical trial data and employee information on the go. However, this comes with a price.
August 12, 2014
Blog
Technology poses a constant dilemma. On one hand, it makes our lives easier and, in many cases, more efficient. However, it also leaves those who don’t understand or respect data security vulnerable to thieves, and the healthcare industry is a place where this reality rings especially true.
July 31, 2014
Blog
When it comes to leveraging the cloud for healthcare IT, I see two prevailing dynamics over and over. The first is that most organizations understand the benefits of the cloud very well. But when it comes to enjoying those benefits by partnering with the right provider, these same organizations are frequently lost.
June 24, 2014
Blog
The beauty of our technological world lies in the simple fact that as a technology is used by more people, it inevitably improves. Enterprise content management is no different.
May 29, 2014
Blog
HHS has released a new security risk assessment tool to help providers, and perhaps business partners, uncover potential weaknesses in their security policies, processes and systems.
May 19, 2014
Blog
What the healthcare industry needs to know about preventing security risk.
May 7, 2014
Blog
As I survey the landscape in 2014, I see much more sophisticated attacks at the same time there is much more severe regulatory enforcement. Where would I put my security dollars this year?
April 30, 2014
Blog
As technology continues to evolve, it can be difficult to resist getting caught by the "gee whiz" factor as we project what the future of healthcare could look like. But a new study may reveal the kind of challenges that lie ahead.
April 29, 2014
Blog
The Heartbleed web security exploit was first publicized several weeks ago. Fred Trotter notes in the MIT Technology Review that other similarly worrisome exploits do not get our attention in the same way, and that more health data leaks are likely in our future.
April 29, 2014
Blog
There are innumerable clinical, financial and compliance issues to be concerned about in this watershed era for the American healthcare system. However, do not forget about HIPAA.
April 17, 2014
Blog
As we discussed in Part I of this series, encryption plays a vital role in healthcare IT security, but not everyone understands the ins and outs. Today we're going to focus on the other more critical components of encryption.
March 28, 2014
Blog
The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body, in partnership with the Workgroup for Electronic Data Interchange (WEDI), today announced the formation of the new Practice Management System Accreditation Program (PMSAP).
July 15, 2014
Press Release
Numera, providing customizable solutions for companies interested in improving their offerings for healthy aging, chronic condition management, and post-acute careannounced its collaboration with ResMed on its patient engagement platform called SleepSeeker, a free online tool to improve patient compliance with therapy for sleep-disordered breathing.
June 18, 2013
Press Release
Cognosante, a provider of IT services for healthcare organizations, announced it was awarded a contract from Orion Health to provide integration and identity management for the first phase of the Massachusetts Statewide Health Information Exchange (HIE) program.
October 2, 2012
Press Release
Aetna and Hunterdon HealthCare Partners have announced a new accountable care agreement that will improve the quality and cost of patient care, helping members and plan sponsors save money.
July 19, 2012
Press Release
Vormetric, Inc., the leader in enterprise systems encryption and key management, today announced the results from an independent research report conducted by the Ponemon Institute on how organizations manage data security risks in cloud computing environments. The survey of 1,000 IT security practitioners and enterprise compliance officers revealed that less than half of all respondents believe their organizations have adequate technologies to secure their cloud infrastructures. Meanwhile, the two groups sharply disagreed on whether the cloud is as secure as on-premise datacenters, who is responsible for cloud data security, and what security measures should be used.
November 1, 2011
Press Release
Harris Corporation, an international communications and information technology company, in partnership with the Florida Agency for Health Care Administration (AHCA), has launched a secure email service that enables health care providers to exchange health information electronically with other providers.
August 31, 2011
Press Release
When a baby requires care in the Neonatal Intensive Care Unit (NICU), it is a stressful time for the entire family. St. Jude Medical Center, part of the St. Joseph Health System, has made it a little easier. For parents with babies in the St. Jude NICU, no matter where they are, no matter if it is 2 a.m. or 2 p.m.-their infant is now as close as a computer or mobile device.
July 7, 2011
Press Release
Seven community health centers and federally qualified health centers in central Indiana are now part of the Indiana Health Information Exchange's (IHIE) quality initiative, called the Quality Health First Program. Open Door Health Services, based in Muncie, is the latest participant the program.
June 21, 2011
Press Release
To help health care organizations and their business partners address evolving federal requirements for health data security and privacy, Verizon is enhancing two of its security programs.
June 2, 2011
Press Release
Health Level Seven® International (HL7), the global authority for interoperability and standards in healthcare information technology with members in 55 countries, today announced the appointment of Doug Fridsma, MD, PhD, director of the Office of Interoperability and Standards, Office of the National Coordinator for Health Information Technology (ONC), to the HL7 Board of Directors.
May 31, 2011
Press Release
CareTech Solutions, an information technology and Web products and services provider for more than 180 U.S. hospitals and health systems, announced today that St. Luke's Hospital & Health Network (SLHHN) in Bethlehem, PA. selected the company to provide remote 24/7/365 IT infrastructure monitoring from CareTech's Healthcare Infrastructure Operations Center (HIOC), a technology hub for the storing and monitoring of data, systems and applications located in Troy, Mich.
May 31, 2011
Press Release
The Health Information Trust Alliance (HITRUST) announced today a new component of the CSF Assurance program targeted at healthcare organizations with annual revenue less than $25 million. The new security assessment approach addresses the wide-scale inaccuracies found in assessments conducted by smaller organizations and extends the reach and value of the CSF Assurance program, the most widely used approach for documenting risk assessment information in the healthcare industry. The HITRUST CSF Assessment for Small Organizations is a practical and effective solution for organizations wanting to perform accurate assessments of their information security environment and address the requirements of meaningful use.
May 26, 2011
Press Release