Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
If you knew that assailants or robbers had continuous access to your house, how would that change the way you manage home security? And if the door and window locks, fences, even the big-ticket alarm systems were not enough?
December 5, 2014
News
The message cut straight to the chase: “d0xes of your staff are next. HIPAA breach thereafter. Test us.”
December 5, 2014
News
What do consumers and clinicians consider to be the top 10 issues for the $2.8 trillion healthcare industry in the coming new year? The answers may surprise you.
December 4, 2014
News
Your organization can have the most well-crafted privacy and security policies in the world. But if those policies are accompanied by lukewarm emphasis and no accountability, or your staff just downright ignores them, you have a big security problem -- just like the folks at one Ohio-based health system did last week.
December 2, 2014
News
A stamp of approval from the U.S. Food and Drug Administration doesn't necessarily mean mobile medical apps are safe from hackers. Some 90 percent of Android healthcare apps have been hacked, according to a new report, with 22 percent of those apps okayed by the FDA.
December 1, 2014
News
Lucia Savage, who joined the National Coordinator for Health IT as chief privacy officer this past month, will join other top security officials from the HHS Office for Civil Rights and the U.S. Food and Drug Administration on a panel at the HIMSS Media Privacy & Security Forum at the mHealth Summit on December 7.
November 25, 2014
News
Beth Israel Deaconess Medical Center will pay $100,000 to the state of Massachusetts after one of its physicians failed to follow the hospital's laptop encryption policy and an unencrypted laptop was stolen.
November 24, 2014
News
As debate swirls about a recent Institute of Medicine report suggesting that electronic health records collect more non-clinical patient data for population health research, a new poll suggest patients are mostly willing to offer access to anonymized health information -- but only to an extent.
November 24, 2014
News
Jay Radcliffe breaks into medical devices for a living, testing for vulnerabilities as a security researcher. He's also a diabetic and gives himself insulin injections instead of relying on an automated insulin pump, which he says could be hacked.
November 19, 2014
News
What are the responsibilities of covered entities when an encrypted laptop or device is stolen, but the passcodes are handed over in the theft as well? A recent robbery reported by Boston's Brigham and Women's Hospital may shed some light on these tricky situations.
November 18, 2014
News
Chris Crowley, who says he spent his teenage years "logging into servers all over the world with pretty much free reign," will offer his thoughts on hacking -- ethical and otherwise -- at the mHealth Summit symposium "BYOD and MDM: Managing Risk on the Mobile Perimeter."
November 12, 2014
News
A state insurance plan subcontractor is at the center of a serious security incident after hackers gained three months of unfettered access to its computer system, compromising thousands of members' health records.
November 12, 2014
News
Learn how to build a risk-stratified response plan to secure medical data whenever a visual privacy incident is reported to limit potential harm to patients and the organization.
August 21, 2014
Resource
sites/default/files/resource-media/pdf/3msdp2301_h4_hc_privacybreach_081314.pdf
Protect
Identify the risks, review healthcare compliance issues, and consider recommended solutions to help protect medical data on mobile devices.
August 21, 2014
Resource
sites/default/files/resource-media/pdf/3msdp2301_h2_hc_compliancerisks_081314.pdf
Protect
Establish security controls to examine how healthcare officials can better address low-tech vulnerabilities like human error and a lack of visual privacy, that can help companies remain compliant with HIPAA regulation.
August 21, 2014
Resource
sites/default/files/resource-media/pdf/3msdp2301_h1_hc_privacyconcerns_081314.pdf
Protect
Patient safety and the reduction of medical errors are key drivers in the healthcare industry today. To address these needs, more and more providers are using laser-printed patient wristbands at the critical juncture of admitting patients to the facility. Wristbands that stay on the patient and remain readable after repeated use and extended treatments need to be easy to print, easy to read, and cost effective to deploy.
July 10, 2014
Resource
sites/default/files/resource-media/pdf/hp_solution_brief_-_gain_efficiences_improve_patient_safety_-_hp_patient_identification_solution.pdf
Protect
A major Southeastern U.S. healthcare system needed to securely issue prescriptions directly from its two electronic medical record (EMR) systems: one for its hospitals and another for its clinics. Secure printing across the entire printer network was vital to reduce the risk of fraud and meet stringent government regulations. The HP Prescription Printing Security Solution was selected to meet this challenge.
July 10, 2014
Resource
sites/default/files/resource-media/pdf/hp_solution_brief_-_secure_simplify_save_-_hp_prescription_printing_solution.pdf
Protect
Uncontrolled print environments in a hospital setting can present a serious risk to patient privacy, profit, institutional security, and profitability. You must protect sensitive information, secure devices, and improve 7x24 device availability in critical clinical environments to provide the care patients need and expect. To gain better control, you need to implement plans that meet industry regulations while also increasing productivity, lowering costs, and providing more flexible scanning and printing solutions for staff and clinicians.
July 10, 2014
Resource
sites/default/files/resource-media/pdf/hp_solution_brief_-_control_safeguard_comply_-_hp_access_control.pdf
Protect
As healthcare leaders work to protect patients, their data, and comply with federal requirements, independent audits routinely expose a common blind spot and springboard for patient data breaches and even misdiagnoses: connected medical devices. From data loss to patient harm, hefty penalties and jail time, learn how to pinpoint and counter the hidden risks that can impair your organization's healthcare delivery, patient data security and compliance.
July 9, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/acing-audit-how-medical-devices-impact-your-hipaa-meaningful-use-and-fda-compli?affiliatedata=website
Much of the news surrounding healthcare in recent years has centered on the Affordable Care Act (ACA), which radically changes the way healthcare is provided to millions of Americans. Care providers, compliance officers, and legal departments are all too aware that the ACA is only the latest in a series of legislation and regulations to affect the healthcare industry over the past 20 years. Read this white paper and learn how affordable software tools now exist in order to conduct remote investigations quickly without paying a third-party service provider. In addition, you’ll learn how for many mid-sized organization in and around the healthcare industry, these investigations are slow and costly.
June 16, 2014
Resource
sites/default/files/resource-media/pdf/qs_healthcare_exec-brief_060514_approved_gsi.pdf
Protect
The increasing fluidity and proliferation of protected health information (PHI) on the web and mobile devices has created many new avenues for cyber attacks and the theft of personal health information. In fact, the Federal Bureau of Investigation (FBI) just released a warning to the healthcare industry recognizing the vulnerability of electronic health records (EHR). This report offers real insight from healthcare IT executives on the threats targeting healthcare data and the top ten recommendations for maintaining privacy in a mobile environment.
May 29, 2014
Resource
sites/default/files/resource-media/pdf/iht2-10-steps-data-privacy-changing-mobile-world.pdf
Protect
Cloud computing is still a nascent market in the healthcare industry, yet healthcare organizations are beginning to incorporate the ability to use remote servers and networks to store, manage and process data into their short- and long-term plans. This in depth paper with actionable insight from industry leading speakers at the executive briefing is designed to help you navigate issues of moving to the cloud, new models of care, seizing the right opportunities and overcoming barriers.
May 20, 2014
Resource
sites/default/files/resource-media/pdf/verizon_event_briefing_wp.pdf
Protect
HIPAA-compliant hosting can help healthcare organizations address issues in the areas of cost containment, cost predictability, rapid application rollout and expertise utilization. Any healthcare-related organization, including Business Associates of HIPAA Covered Entities, should consider the use of a well-qualified cloud provider that can host patient portals, health information exchanges, email and other services that healthcare organizations must manage. This white paper addresses some of the key issues in healthcare management and how a well-qualified, compliant hosting provider can help organizations to reduce costs and better meet their obligations. Understand the key focus areas on fulfilling Meaningful Use Stage 2 requirements, managing medical image archives, enabling application decommissioning, implementing Disaster Recovery for EHR and EMR, and HIPAA-Compliant Hosting.
May 16, 2014
Resource
sites/default/files/resource-media/pdf/lw_wp_key_issues_in_healthcare_compliance_and_cost2.pdf
Protect
Healthcare cybersecurity is rapidly coming into focus as a pressing need. Recent FBI reports and data breach events underscore what industry insiders already know - healthcare needs solutions for properly protecting information. Because healthcare must also deal with shrinking reimbursement and uncertain regulatory pressures, these solutions must be practical, effective, and facilitate patient care. To learn more about Cybersecurity in the healthcare space and its importance, please join Leidos Health for this free webinar.
May 14, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/healthcare-cybersecurity-3-practical-solutions?affiliatedata=website
While role-based access control has uses in every industry, healthcare systems in particular can benefit from a proper implementation of these solutions.
August 26, 2013
Blog
As healthcare providers rely more and more on evolving technologies to store and transmit their data, compliance has become an increasingly complex landscape to navigate.
August 2, 2013
Blog
I have been following the news about the National Security Agency (NSA) access to our phone records with great interest. If we as a society don’t sort some of this out, we’ll see a repeat in the health sector a few years from now.
June 26, 2013
Blog
The vision, as described by Amit Singhal, who is in charge of search for Google, is that instead of typing words into a box, we will have conversations with Google, enabling a much more personalized experience. If you apply this thinking to healthcare, several controversies/topics come to the fore.
May 24, 2013
Blog
Every organization is considering “cloud” approaches for their business, yet if you ask “what is cloud” you’ll get a wide range of answers. This variety of cloud options has an impact on healthcare organizations, especially those contemplating a future cloud strategy aligned to regulatory compliance.
May 6, 2013
Blog
If you’re an IT vendor who services healthcare clients, you’re no doubt well-acquainted with HIPAA compliance rules. And chances are that lately you’ve been hearing rumblings about the new HIPAA Omnibus rule.
April 26, 2013
Blog
All organizations have a business imperative to control risk. For healthcare companies that corporate responsibility extends to the protection of ePHI within their organization.
April 3, 2013
Blog
To put it mildly, the transition to EHRs comes freighted with a whole host of expectations.
February 7, 2013
Blog
Were you run over by the HIPAA bus yesterday? The Omnibus final rule finally landed with a crunch last night. If you check out #HIPAAbus, you'll see my notes from my blaze through with page numbers.
January 18, 2013
Blog
t’s time for some New Year’s resolutions; and they have nothing to do with eating right, losing weight or exercising. Instead, they have everything to do with protecting against the organizational and financial stresses of data breaches.
January 8, 2013
Blog
As I travel the country, I find that CIOs everywhere are struggling with BYOD in particular but remote access more generally.
November 30, 2012
Blog
Just two and a half years after hosting a workshop on the HIPAA Privacy Rule's de-identification standard, OCR has issued its "Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule."
November 29, 2012
Blog