Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
In the first settlement of its kind, Skagit County, Washington will pay the Department of Health and Human Services $215,000 to make up for deficiencies in its HIPAA compliance program.
March 10, 2014
News
Some 168,500 people are getting HIPAA breach notification letters after unencrypted computers were stolen from a city's public health and health services departments, officials announced Thursday.
March 7, 2014
News
In a year where "compliance and enforcement is really where the action is going to be," it might help to have some advice on how to keep on the right side of patient privacy law.
March 5, 2014
News
The Care Connectivity Consortium, which links five powerhouse providers in a nationwide data exchange collaborative, added a sixth member earlier this week at HIMSS14.
February 28, 2014
News
HIPAA "has seen a lot of action lately," said Susan McAndrew, deputy director for health information privacy at the Department for Health and Human Services' Office For Civil Rights, at HIMSS14 on Monday.
February 24, 2014
News
Protecting your hospital's data is no longer just about managing the systems inside your enterprise. Changes being considered in federal privacy regulations are prompting the legal counsel at many hospitals to begin looking at the security policies of contractors and even sub-contractors.
February 24, 2014
News
Who's responsible when a medical device breaks down or is hacked -- the manufacturer who made it or the healthcare provider who's using it?
February 23, 2014
News
The findings of a new HIMSS healthcare security report have been released, and the data may surprise you.
February 20, 2014
News
IT security is complicated, made even more so by the dynamic nature of technology and the ever challenging threat landscape. It may be best to think of IT security as a chronic illness, a condition that requires ongoing treatment, testing, and re-evaluations.
February 19, 2014
News
Onsite Occupational Health and Safety has tapped UPMC to provide second opinions and medical consultations in Afghanistan via telemedicine services.
February 19, 2014
News
Federal HIPAA violation penalties may be capped at $1.5 million per incident per year, but there's also state and regional fines for those disregarding privacy and security laws. And one health group is learning that the hard way.
February 18, 2014
News
Whether looking to draw attention to their practices, experiment with new technology or simply have a bit of fun with their otherwise dreary financial operations, several American medical professionals are now accepting bitcoins, the Web-based virtual currency, in addition to dollars.
February 18, 2014
News
Iron Mountain has prepared this primer to help you navigate the changes in HIPAA, clarify the role of vendors and other third parties, and heighten your awareness of best practices that will aid in compliance and improve the management of both paper and electronic health records.
October 21, 2013
Resource
sites/default/files/resource-media/pdf/hipaa_primer-andthe-omnibus_final_rule_2013.pdf
Protect
Many healthcare organizations are recognizing the need for a more efficient and effective approach for addressing the HIPAA Security and Privacy rules, and other evolving compliance and security challenges. This paper explores one such solution: unified security monitoring. Unified security monitoring goes well beyond simplifying and automating HIPAA compliance. With always-on coverage and protection, it provides a mechanism for strengthening a healthcare organization’s overall security posture, while reducing ongoing operational risk.
October 9, 2013
Resource
sites/default/files/resource-media/pdf/tenable_for_healthcare_compliance_1.pdf
Protect
Are you prepared for the HITECH Omnibus Final Rule effective Sept 23, 2013? The final ruling has far reaching authority and penalties for noncompliance; unfortunately, most are unclear what the requirements mean for their organization and how to secure protected health information (PHI).
September 17, 2013
Resource
Do Not Protect
http://www.medtechwebinars.com/registration/webinar/addressing-final-hipaa-omnibus-rule-and-securing-protected-health-information?affiliatedata=website
Healthcare organizations are increasingly dependent on web-based technologies to improve patient engagement and address government incentive and regulatory requirements. The success of electronic healthcare record (EHR) initiatives depend on how effectively patients can obtain and manage their health related information securely online.
August 28, 2013
Resource
Do Not Protect
http://www.medtechwebinars.com/registration/webinar/securing-patient-portals-what-you-need-know-comply-hipaa-and-meaningful-use?affiliatedata=website
Patient engagement and electronic HIE are the game changers of Stage 2 meaningful use requirements, which were designed to further expand the meaningful use of certified EHR technology. For patient engagement, the Centers for Medicare and Medicaid Services added two core objectives – providing patients with online access to health information and providing secure messaging between patient and provider. This white paper highlights results from a study conducted by IDR Medical GmbH that surveyed 1,000 U.S.-based patients regarding their attitude toward patient portal technologies. Find out why the results show strong validation for imaging portal demand and need.
August 28, 2013
Resource
sites/default/files/resource-media/pdf/carestream_white_paper_updated_082813.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
May 23, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliabilitycost_0423_final.pdf
Protect
Hospitals and health systems have invested significant funds and other resources to meet numerous strategic enterprise initiatives such as ICD-10, Meaningful Use, HIPAA requirements, whether to join or form an ACO, and others. Executives from four major health systems came together for a roundtable discussion on how employing an integrated strategy has helped them overcome challenges and achieve goals. <br> </br> Learn how leading healthcare organizations are:<br> </br> • Educating stakeholders on the ultimate benefits of the initiatives<br> • Adopting methodologies that streamline workflows and reduce costs<br> • Sharing information and promoting best practices across the enterprise<br> • Avoiding initiatives being deployed in silos<br> • Knowing when to partner with trusted organizations to achieve initiatives more rapidly and efficiently<br>
April 30, 2013
Resource
sites/default/files/resource-media/pdf/roundtable_article_final.pdf
Protect
What are the most important questions to ask when selecting a secure texting solution? Find out what really matters by reading this whitepaper on the 10 most important things to know when evaluating a solution.
April 19, 2013
Resource
sites/default/files/resource-media/pdf/tigertext_white_paper_-_top_10_considerations_when_selecting_a_secure_text_messaging_solution.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
April 2, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliability_final.pdf
Protect
This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building an identity and access management strategy for the extended enterprise. This report will help you understand the major business and IT trends affecting identity and access management (IAM) during the next five years. Learn why applying a Zero Trust information security model to IAM helps security teams unify and improve access control across the extended enterprise.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/forrester_navigate_the_future_of_identity_and_access_management_final.pdf
Protect
Healthcare IT departments must defend against complex internal and external threats while still maintaining compliance with HIPAA/HITCH. The same is true for businesses of all kinds – they are simply overwhelmed. Clearly, organizational risk management has reached a critical juncture. A July 2012 IDG Research Services poll of CIOs and IT managers underscores the gravity of the situation. The results provide important data about how enterprises view compliance overall, and identity management and access governance in particular.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_idg_why_it_pays_to_take_a_busines-centric_approach_to_compli.pdf
Protect
Organizations of all kinds, including those in the healthcare industry, are doing business in new ways, thanks to new IT infrastructure technologies like virtualization, cloud computing and mobility, which are changing how users interact with information and with each other. As the enterprise becomes more interconnected and distributed, business agility increases; but information security specialists face new challenges around maintaining effective security and monitoring controls.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_realtimesecurityintelligence_print.pdf
Protect
There is no question that the resources required to process, analyze, and manage petabytes of genomic information represent a huge burden. That burden becomes even greater when one factors in the need to handle these data in compliance with an alphabet soup of regulatory regimes.
September 4, 2013
Blog
If you’re a healthcare provider who has shied away from the cloud due to security concerns, you could be making a grave mistake. In fact, moving to the cloud can increase data security.
August 29, 2013
Blog
While role-based access control has uses in every industry, healthcare systems in particular can benefit from a proper implementation of these solutions.
August 26, 2013
Blog
As healthcare providers rely more and more on evolving technologies to store and transmit their data, compliance has become an increasingly complex landscape to navigate.
August 2, 2013
Blog
I have been following the news about the National Security Agency (NSA) access to our phone records with great interest. If we as a society don’t sort some of this out, we’ll see a repeat in the health sector a few years from now.
June 26, 2013
Blog
The vision, as described by Amit Singhal, who is in charge of search for Google, is that instead of typing words into a box, we will have conversations with Google, enabling a much more personalized experience. If you apply this thinking to healthcare, several controversies/topics come to the fore.
May 24, 2013
Blog
Every organization is considering “cloud” approaches for their business, yet if you ask “what is cloud” you’ll get a wide range of answers. This variety of cloud options has an impact on healthcare organizations, especially those contemplating a future cloud strategy aligned to regulatory compliance.
May 6, 2013
Blog
If you’re an IT vendor who services healthcare clients, you’re no doubt well-acquainted with HIPAA compliance rules. And chances are that lately you’ve been hearing rumblings about the new HIPAA Omnibus rule.
April 26, 2013
Blog
All organizations have a business imperative to control risk. For healthcare companies that corporate responsibility extends to the protection of ePHI within their organization.
April 3, 2013
Blog
To put it mildly, the transition to EHRs comes freighted with a whole host of expectations.
February 7, 2013
Blog
Were you run over by the HIPAA bus yesterday? The Omnibus final rule finally landed with a crunch last night. If you check out #HIPAAbus, you'll see my notes from my blaze through with page numbers.
January 18, 2013
Blog
t’s time for some New Year’s resolutions; and they have nothing to do with eating right, losing weight or exercising. Instead, they have everything to do with protecting against the organizational and financial stresses of data breaches.
January 8, 2013
Blog
A team from the Department of Veterans Affairs (VA) and Stanford University is exploring a new approach to clinical trials that experts say will cost less and be easier to translate into practice.
May 9, 2011
Press Release
Hannibal Regional Healthcare System, which operates a not-for-profit community hospital in northeast Missouri, has selected the Sunrise Enterprise suite of solutions from Allscripts.
May 6, 2011
Press Release
Selecting the correct software to use in a medical practice is critical for physicians, particularly now that all technology-based practices must be compliant with the government's updated standard for electronic claims transactions. The new standard, known as HIPAA Version 5010, will be required by January 1, 2012. The American Medical Association (AMA) and the Medical Group Management Association (MGMA) have made the software selection process easier by developing an online directory of software vendors that helps physicians determine whether the vendors’ practice management systems are compliant with the 5010 standard. A companion piece to the recently released Selecting a Practice Management System toolkit, the Practice Management System Software Directory provides detailed vendor profiles, enabling physicians to easily choose the software that best fits their needs.
April 28, 2011
Press Release
PhoneFactor, the leading global provider of phone-based authentication, today released the results of its recent survey on multi-factor authentication. The results indicate organizations that utilize security tokens, many of which are already frustrated with the burden tokens place on their IT departments and end users, are being driven to action by the recent RSA breach.
April 27, 2011
Press Release
CDW LLC (CDW), a leading provider of technology solutions to business, government, education and healthcare, today released the findings of its Video Conferencing Straw Poll Report. The report finds that half of companies use some form of video conferencing today and another quarter plan to implement the technology within the next two years. Video conferencing adoption, driven by reduced operating costs, improved decision making and improved communication, will branch out beyond simple peer-to-peer devices into more cutting-edge collaborative video conferencing systems, such as immersive telepresence.
April 25, 2011
Press Release
To ensure downtime access to current patient data after moving to electronic medical records (EMRs) and electronic medication administration records (eMARs), Hancock Regional Hospital in Greenfield, IN implemented NetSafe, Interbit Data's downtime protection and business continuance solution.
July 29, 2010
Press Release
Twin County Regional Hospital is expanding its McKesson Paragon hospital information system to increase efficiency and help improve patient safety across the entire medical community of Galax, Va. and surrounding areas.
January 8, 2010
Press Release