Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
In the second biggest HIPAA breach ever reported, one of the nation's largest healthcare systems has notified some 4.5 million of its patients that their personal information has been stolen by cybercriminals.
August 18, 2014
News
More than $26 billion has been invested, mostly in incentive payments to hospitals and eligible professionals who meaningfully use electronic health records. Yet just a small percentage of healthcare systems are electronically sharing data.
August 15, 2014
News
When asked how big his security team is at the 25-hospital Texas Health Resources, Chief Information Officer Ed Marx responds in a serious manner: "24,000" -- which happens to be the total number of people the health system employs.
August 15, 2014
News
To an industry waiting for more information on Apple's healthcare intentions, even a few crumbs here and there are too tasty to pass up. No word from Apple on timing yet, but Reuters has reported that anonymous sources revealed Apple has held HealthKit discussions with Mount Sinai, the Cleveland Clinic and Johns Hopkins, as well as Epic rival Allscripts.
August 14, 2014
News
With a nod to Apple and its famous 1997 TV spot, which highlighted doers and dreamers who colored outside the lines, we profile some of the 'crazy ones' who are helping transform health IT in new and unique ways.
August 12, 2014
News
There's been a lot of talk about compliance lately. Federal and state regulations. HIPAA regulations. But, if you're in charge of healthcare security, compliance is far from sufficient, says Jim Routh, chief information security officer for Aetna, one of the nation's leading diversified healthcare benefits companies.
August 6, 2014
News
ONC's electronic health record certification process has some serious shortcomings -- chief among them security practices that are wholly insufficient to adequately protect patient health information, according to a new report from the Office of Inspector General.
August 5, 2014
News
In many ways, mobile device security is an oxymoron in its current state. In fact, if you're using an Internet of Things-type device, chances are it has an average of 25 hidden vulnerabilities, according to new research, making it a ripe target for hackers.
July 30, 2014
News
A Rhode Island hospital, who nearly two years ago notified 14,000 patients of a HIPAA breach involving their data, agreed Wednesday to hand over $150,000 to settle allegations that it failed to safeguard patient information.
July 24, 2014
News
The joys of unintended consequences never end. The Patient Protection and Affordable Care Act required hospitals to get paid based on how much they improved their patients' health rather than on how many tests and procedures were completed. The intent was to improve patient care.
July 24, 2014
News
Johns Hopkins Health System will hand over $190 million to settle a class action privacy lawsuit involving one of its former gynecologists who secretly recorded video and captured photos of patient examinations.
July 22, 2014
News
MemorialCare Health System, a top 100 integrated delivery network, implemented awareness computing technology at the Orange Coast Memorial Medical Center in Fountain Valley, Calif. The goal is to provide roaming clinicians instant access to patient records throughout the hospital, while also ensuring top security.
July 21, 2014
News
Much of the news surrounding healthcare in recent years has centered on the Affordable Care Act (ACA), which radically changes the way healthcare is provided to millions of Americans. Care providers, compliance officers, and legal departments are all too aware that the ACA is only the latest in a series of legislation and regulations to affect the healthcare industry over the past 20 years. Read this white paper and learn how affordable software tools now exist in order to conduct remote investigations quickly without paying a third-party service provider. In addition, you’ll learn how for many mid-sized organization in and around the healthcare industry, these investigations are slow and costly.
June 16, 2014
Resource
sites/default/files/resource-media/pdf/qs_healthcare_exec-brief_060514_approved_gsi.pdf
Protect
The increasing fluidity and proliferation of protected health information (PHI) on the web and mobile devices has created many new avenues for cyber attacks and the theft of personal health information. In fact, the Federal Bureau of Investigation (FBI) just released a warning to the healthcare industry recognizing the vulnerability of electronic health records (EHR). This report offers real insight from healthcare IT executives on the threats targeting healthcare data and the top ten recommendations for maintaining privacy in a mobile environment.
May 29, 2014
Resource
sites/default/files/resource-media/pdf/iht2-10-steps-data-privacy-changing-mobile-world.pdf
Protect
Cloud computing is still a nascent market in the healthcare industry, yet healthcare organizations are beginning to incorporate the ability to use remote servers and networks to store, manage and process data into their short- and long-term plans. This in depth paper with actionable insight from industry leading speakers at the executive briefing is designed to help you navigate issues of moving to the cloud, new models of care, seizing the right opportunities and overcoming barriers.
May 20, 2014
Resource
sites/default/files/resource-media/pdf/verizon_event_briefing_wp.pdf
Protect
HIPAA-compliant hosting can help healthcare organizations address issues in the areas of cost containment, cost predictability, rapid application rollout and expertise utilization. Any healthcare-related organization, including Business Associates of HIPAA Covered Entities, should consider the use of a well-qualified cloud provider that can host patient portals, health information exchanges, email and other services that healthcare organizations must manage. This white paper addresses some of the key issues in healthcare management and how a well-qualified, compliant hosting provider can help organizations to reduce costs and better meet their obligations. Understand the key focus areas on fulfilling Meaningful Use Stage 2 requirements, managing medical image archives, enabling application decommissioning, implementing Disaster Recovery for EHR and EMR, and HIPAA-Compliant Hosting.
May 16, 2014
Resource
sites/default/files/resource-media/pdf/lw_wp_key_issues_in_healthcare_compliance_and_cost2.pdf
Protect
Healthcare cybersecurity is rapidly coming into focus as a pressing need. Recent FBI reports and data breach events underscore what industry insiders already know - healthcare needs solutions for properly protecting information. Because healthcare must also deal with shrinking reimbursement and uncertain regulatory pressures, these solutions must be practical, effective, and facilitate patient care. To learn more about Cybersecurity in the healthcare space and its importance, please join Leidos Health for this free webinar.
May 14, 2014
Resource
Do Not Protect
http://himssmediawebinars.com/registration/webinar/healthcare-cybersecurity-3-practical-solutions?affiliatedata=website
Learn the challenges healthcare organizations have in locking down their HIPAA compliant applications in the cloud. See the latest data breaches and solutions to keeping your ePHI protected in the cloud.
March 25, 2014
Resource
sites/default/files/resource-media/pdf/firehost-locking-down-the-cloud-health-2014.pdf
Protect
Read through valuable insights on the changing landscape of the Healthcare IT industry today. Learn about leading practices from our thought leaders and their strategic thinking through a series of interviews by Deloitte’s key industry leaders, client interviews, research and thought leadership articles on government reform, new risk-based models such as value-based care, M&A activities, growing patient populations and increased competition amid shrinking resources that are driving transformation.
February 17, 2014
Resource
Protect
http://www.pageturnpro.com/MedTech-Media/56077-The-Innovator-Hospital-Poised-to-Deliver-Future-Care/index.html
Collaborative care offers tremendous benefit for patients, but demands PHI accessibility across the complex healthcare environment and across multiple users and locations. Information sharing without the worry of unauthorized access or a data breach is critical to ensure patient trust and avoid regulatory fines. In a business that’s constantly changing with new technologies, such as cloud and BYOD, and offering new ways of interacting with patients and providers, the need for secure access to patient data is critical. Download the latest RSA white paper, “Cybercrime and the Healthcare Industry,” to learn about the latest cyber threats targeting patient data and key areas of consideration in implementing security and access controls to address HIPAA, Meaningful Use, and other regulations.
February 14, 2014
Resource
sites/default/files/resource-media/pdf/cybhc_wp_0713.pdf
Protect
From online shopping and banking to accessing personal health information, consumers are moving more of their personal lives to the Web. The explosion of digital identities and loss of customer information from data breaches is driving the need for effective consumer-facing authentication and access management tools. Yet, many organizations lack adequate controls to secure access to their consumer Web portals out of fear of disrupting the user experience. The latest Forrester Research report, “Consumer Web Portals: Platforms at Significant Security Risk,” where you will gain insight on the risks and threats.
February 14, 2014
Resource
sites/default/files/resource-media/pdf/consumer_web_portals_-_platforms_at_significant_risk_december_2013.pdf
Protect
For enterprises looking at NGFWs, the most important consideration is: Will this new technology empower your security teams to securely enable applications to the benefit of the organization? It's not about blocking applications, but safely enabling these applications at the firewall.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/10-things.pdf
Protect
Cybersecurity has become a leading topic both within and beyond the corporate boardroom. What enterprises need to stop the escalation of cyberattacks is a network security approach that is designed from the outset to enable the safe use of the applications and technologies required to support a thriving business.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/cybersecurity-imperatives.pdf
Protect
This paper examines three different organizations, the legacy infrastructure they replaced, the Palo Alto Networks next generation security platform they deployed, and the substantial savings they realized - cutting both capital and operations costs by an average of 50%.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/reducing-costs-with-nextgen-security.pdf
Protect
While role-based access control has uses in every industry, healthcare systems in particular can benefit from a proper implementation of these solutions.
August 26, 2013
Blog
As healthcare providers rely more and more on evolving technologies to store and transmit their data, compliance has become an increasingly complex landscape to navigate.
August 2, 2013
Blog
I have been following the news about the National Security Agency (NSA) access to our phone records with great interest. If we as a society don’t sort some of this out, we’ll see a repeat in the health sector a few years from now.
June 26, 2013
Blog
The vision, as described by Amit Singhal, who is in charge of search for Google, is that instead of typing words into a box, we will have conversations with Google, enabling a much more personalized experience. If you apply this thinking to healthcare, several controversies/topics come to the fore.
May 24, 2013
Blog
Every organization is considering “cloud” approaches for their business, yet if you ask “what is cloud” you’ll get a wide range of answers. This variety of cloud options has an impact on healthcare organizations, especially those contemplating a future cloud strategy aligned to regulatory compliance.
May 6, 2013
Blog
If you’re an IT vendor who services healthcare clients, you’re no doubt well-acquainted with HIPAA compliance rules. And chances are that lately you’ve been hearing rumblings about the new HIPAA Omnibus rule.
April 26, 2013
Blog
All organizations have a business imperative to control risk. For healthcare companies that corporate responsibility extends to the protection of ePHI within their organization.
April 3, 2013
Blog
To put it mildly, the transition to EHRs comes freighted with a whole host of expectations.
February 7, 2013
Blog
Were you run over by the HIPAA bus yesterday? The Omnibus final rule finally landed with a crunch last night. If you check out #HIPAAbus, you'll see my notes from my blaze through with page numbers.
January 18, 2013
Blog
t’s time for some New Year’s resolutions; and they have nothing to do with eating right, losing weight or exercising. Instead, they have everything to do with protecting against the organizational and financial stresses of data breaches.
January 8, 2013
Blog
As I travel the country, I find that CIOs everywhere are struggling with BYOD in particular but remote access more generally.
November 30, 2012
Blog
Just two and a half years after hosting a workshop on the HIPAA Privacy Rule's de-identification standard, OCR has issued its "Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule."
November 29, 2012
Blog