Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
The message cut straight to the chase: “d0xes of your staff are next. HIPAA breach thereafter. Test us.”
December 5, 2014
News
What do consumers and clinicians consider to be the top 10 issues for the $2.8 trillion healthcare industry in the coming new year? The answers may surprise you.
December 4, 2014
News
Your organization can have the most well-crafted privacy and security policies in the world. But if those policies are accompanied by lukewarm emphasis and no accountability, or your staff just downright ignores them, you have a big security problem -- just like the folks at one Ohio-based health system did last week.
December 2, 2014
News
A stamp of approval from the U.S. Food and Drug Administration doesn't necessarily mean mobile medical apps are safe from hackers. Some 90 percent of Android healthcare apps have been hacked, according to a new report, with 22 percent of those apps okayed by the FDA.
December 1, 2014
News
Lucia Savage, who joined the National Coordinator for Health IT as chief privacy officer this past month, will join other top security officials from the HHS Office for Civil Rights and the U.S. Food and Drug Administration on a panel at the HIMSS Media Privacy & Security Forum at the mHealth Summit on December 7.
November 25, 2014
News
Beth Israel Deaconess Medical Center will pay $100,000 to the state of Massachusetts after one of its physicians failed to follow the hospital's laptop encryption policy and an unencrypted laptop was stolen.
November 24, 2014
News
As debate swirls about a recent Institute of Medicine report suggesting that electronic health records collect more non-clinical patient data for population health research, a new poll suggest patients are mostly willing to offer access to anonymized health information -- but only to an extent.
November 24, 2014
News
Jay Radcliffe breaks into medical devices for a living, testing for vulnerabilities as a security researcher. He's also a diabetic and gives himself insulin injections instead of relying on an automated insulin pump, which he says could be hacked.
November 19, 2014
News
What are the responsibilities of covered entities when an encrypted laptop or device is stolen, but the passcodes are handed over in the theft as well? A recent robbery reported by Boston's Brigham and Women's Hospital may shed some light on these tricky situations.
November 18, 2014
News
Chris Crowley, who says he spent his teenage years "logging into servers all over the world with pretty much free reign," will offer his thoughts on hacking -- ethical and otherwise -- at the mHealth Summit symposium "BYOD and MDM: Managing Risk on the Mobile Perimeter."
November 12, 2014
News
A state insurance plan subcontractor is at the center of a serious security incident after hackers gained three months of unfettered access to its computer system, compromising thousands of members' health records.
November 12, 2014
News
If you're a provider or payer organization with a great story to tell about a patient engagement program that has improved care and reduced costs, here's your chance to share that success -- and learn from your peers.
November 12, 2014
News
Healthcare organizations are key targets for sophisticated data breaches. How can you improve defenses? Paul Smith of Ascension Health offer today's top strategies and insights. What you can do to prepare for and reduce attacks.
November 11, 2014
Resource
Protect
http://www.fortinet.com/webinars/defending-against-advanced-healthcare-breaches.html
Distributed Healthcare Networks have grown in complexity over the last decade as they expand Network Access and add more sophisticated Security Technologies to protect their networks. In addition, the adoption of standards such as the Payment Card Industry Data Security Standard (PCI DSS) and HIPAA have also improved the overall security of data but come with challenges in meeting continually changing and expanding requirements. Learn how to overcome these challenges and accelerate PCI compliance while simplifying your network security.
November 11, 2014
Resource
sites/default/files/resource-media/pdf/secure-distributed-healthcare-networks.pdf
Protect
Delivering IT in healthcare can be challenging. Supporting clinicians that are ever more mobile, administering systems that become more complex each day, and dealing with tighter budgets are all in your days work. You know that every minute of inefficiency is costing your hospital money, and maybe worse, creating satisfaction, security or even safety issues for your patients.
November 7, 2014
Resource
Protect
Recently, a powerful trend toward “patient engagement” has emerged driving transformation in how healthcare providers deliver services to those most impacted by healthcare decisions: patients. While this potential revolution in provider/patient relationships is taking place, healthcare IT organizations are facing serious challenges of their own. How can they best service those in the front-line engaging with the patients to drive enhanced patient care?
November 7, 2014
Resource
Protect
IT departments today are finding themselves squarely at the epicenter of healthcare compliance scrutiny. One of the many regulations to which they must adhere is “meaningful use,” which ties financial incentives to usage of electronic health records as part of the Medicare and Medicaid EHR Incentive Program. Now, with meaningful use deadlines fast approaching and concerns about compliance reaching the highest levels of healthcare organizations, IT professionals are finally being invited to step out of the basement and into the boardroom.
November 7, 2014
Resource
Protect
The security threat landscape is rapidly evolving: from risks with the proliferation of mobile devices to the increased sophistication of organized cyber criminals. Healthcare has a significant burden with the dubious distinction of having the highest per record data breach cost among all regulated industries. This webinar covers the ten essential practices for security, the different threat patterns to be aware of and how you can take steps to remediate these threats and protect your organization.
November 3, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/navigating-new-healthcare-security-landscape-rethinking-your-security-posture?affiliatedata=websiteHITN
The shift from fee-for-service to value-based care is creating significant financial and performance pressures for healthcare providers. As Health IT leaders work to harness cloud, Big Data, mobile, and social technology to optimize their EMR, building a trusted hybrid cloud infrastructure lays the foundation for team-based care. In this whitepaper, learn how a hybrid cloud framework enables coordinated care to improve patient care delivery, lower IT costs, and increase business agility -- including recommended steps and solutions.
October 15, 2014
Resource
sites/default/files/resource-media/pdf/hybrid_cloud_powers_next_generation_health_it_emc_whitepaper.pdf
Protect
This webinar will cover malicious cybercrime, the evolution of hackers, and how it affects the corporate IT landscape. Hear about how NaviSite and Alert Logic have teamed up to provide relevant security solutions and strategies for businesses to use to prevent harmful cyber activity affecting the Healthcare Industry.
October 8, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/emerging-threats-healthcare-strategies-defense?affiliatedata=website
The cloud delivers many benefits: agility, performance, scalability and cost management. However, there are risks that come along with those benefits: users and organizations that are not security conscious and those without cloud-specific security solutions can be in jeopardy if they do not properly research their deployment requirements and find proven solutions. Learn why an organization's security posture must extend from edge devices to the heart of the business -- the data center -- whether that data center is on-premises, within the cloud, or a hybrid.
September 24, 2014
Resource
sites/default/files/resource-media/pdf/wp_alert_logic_cloud_security_report_-_spring_20141.pdf
Protect
Craft an optimized cloud security plan using the proven framework in this guide. These seven sequential steps enable organizations to structure security and compliance programs that take advantage of the financial benefits of managed cloud applications and services while meeting security and compliance goals.
September 24, 2014
Resource
sites/default/files/resource-media/pdf/navisite_whitepaper_2lr.pdf
Protect
One hour webinar that walks through the Dell Mobile Clinical Computing solution and why you may want to consider it for your environment.
September 22, 2014
Resource
Protect
http://www.dell.com/learn/us/en/70/videos~en/documents~eseminar-mobile-clinical-computing.aspx
Learn how Mater Health improves access to clinical data with a virtual desktop environment built on robust Dell Wyse zero clients. Benefits experienced by Mater include improved speed of initial access to clinical data by 80% and projected increase of endpoint lifespan by 50%.
September 22, 2014
Resource
sites/default/files/resource-media/pdf/2013-mater-health-10012021.pdf
Protect
One of the enduring ironies when it comes to health IT is the contradiction between the understandable concern among healthcare stakeholders over data security and the apparent willingness of patients to share their own information. Two recent polls bear this out.
February 6, 2014
Blog
The recent FTC decision in the LabMD case has HIPAA-watchers scratching their heads, tugging their beards, and generally wondering about reconciling FTC-style litigation-based regulation with OCR-style rule-based regulation of health care data privacy and security.
January 30, 2014
Blog
IT may not get much credit when it comes to saving patient lives, but there's no denying that cloud technologies can help do just that. By making medical data immediately available to providers, cloud-enabled applications can share test results, identify medication allergies and improve patient outcomes.
January 29, 2014
Blog
Recently I was invited by the Patient Privacy Rights Foundation to lead a discussion that addressed patient privacy concerns and potential solutions for doctors working with EHRs.
January 27, 2014
Blog
2014 represents a transformative year for healthcare in the United States. Exciting innovations are making a significant impact on the industry, and I am hopeful that we will see a transformation across the industry to more consumer-centric and value-driven healthcare.
January 14, 2014
Blog
Here we go again! As I've stated many times before, no pictures in the hospital and no posting them on social networking sites.
December 9, 2013
Blog
The good news for patients is that their personal health information is becoming more secure all the time. But it takes unfortunate breaches, such as an event that occurred in Charlotte in August 2013, to highlight the need for increasingly stronger data-security provisions.
November 25, 2013
Blog
A common and somewhat unique aspect to EHR vendor contracts is that the EHR vendor lays claim to the data entered into their system. It confounds us as to why healthcare organizations let their vendors of choice get away with this.
November 19, 2013
Blog
The idea of risk management in information security has always been a bit difficult to pin down. For example, there is too little historical and behavioral data to identify trends or make predictions with confidence.
October 16, 2013
Blog
Organizations are showing a remarkable appetite to innovate using the latest in cloud technology, but also concerns over whether the cloud is secure enough to protect electronic patient health information. And everyone wants to know - is my service provider compliant?
September 20, 2013
Blog
There is no question that the resources required to process, analyze, and manage petabytes of genomic information represent a huge burden. That burden becomes even greater when one factors in the need to handle these data in compliance with an alphabet soup of regulatory regimes.
September 4, 2013
Blog
If you’re a healthcare provider who has shied away from the cloud due to security concerns, you could be making a grave mistake. In fact, moving to the cloud can increase data security.
August 29, 2013
Blog
Sage Healthcare Division, a unit of Sage North America, announced today that its client, Dr. Moore & Associates, a primary care practice in Brooklyn, NY, is among several of the company's clients to successfully attest to Stage 1 meaningful use under the Medicare EHR Incentive Program.
May 25, 2011
Press Release
A team from the Department of Veterans Affairs (VA) and Stanford University is exploring a new approach to clinical trials that experts say will cost less and be easier to translate into practice.
May 9, 2011
Press Release
Hannibal Regional Healthcare System, which operates a not-for-profit community hospital in northeast Missouri, has selected the Sunrise Enterprise suite of solutions from Allscripts.
May 6, 2011
Press Release
Selecting the correct software to use in a medical practice is critical for physicians, particularly now that all technology-based practices must be compliant with the government's updated standard for electronic claims transactions. The new standard, known as HIPAA Version 5010, will be required by January 1, 2012. The American Medical Association (AMA) and the Medical Group Management Association (MGMA) have made the software selection process easier by developing an online directory of software vendors that helps physicians determine whether the vendors’ practice management systems are compliant with the 5010 standard. A companion piece to the recently released Selecting a Practice Management System toolkit, the Practice Management System Software Directory provides detailed vendor profiles, enabling physicians to easily choose the software that best fits their needs.
April 28, 2011
Press Release
PhoneFactor, the leading global provider of phone-based authentication, today released the results of its recent survey on multi-factor authentication. The results indicate organizations that utilize security tokens, many of which are already frustrated with the burden tokens place on their IT departments and end users, are being driven to action by the recent RSA breach.
April 27, 2011
Press Release
CDW LLC (CDW), a leading provider of technology solutions to business, government, education and healthcare, today released the findings of its Video Conferencing Straw Poll Report. The report finds that half of companies use some form of video conferencing today and another quarter plan to implement the technology within the next two years. Video conferencing adoption, driven by reduced operating costs, improved decision making and improved communication, will branch out beyond simple peer-to-peer devices into more cutting-edge collaborative video conferencing systems, such as immersive telepresence.
April 25, 2011
Press Release
To ensure downtime access to current patient data after moving to electronic medical records (EMRs) and electronic medication administration records (eMARs), Hancock Regional Hospital in Greenfield, IN implemented NetSafe, Interbit Data's downtime protection and business continuance solution.
July 29, 2010
Press Release
Twin County Regional Hospital is expanding its McKesson Paragon hospital information system to increase efficiency and help improve patient safety across the entire medical community of Galax, Va. and surrounding areas.
January 8, 2010
Press Release