Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to the HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
As anyone who's ever worked for IT security can attest, the job is no walk in the park. New threats, compliance mandates, vulnerabilities and updates are constant. But with strong leadership, and a culture of compliance and responsibility to match, many healthcare organizations have shown it can be done right -- and well.
June 13, 2014
News
A Northern California hospital is reevaluating its security policies after an unencrypted USB drive containing the protected health information of nearly 34,000 patients was stolen from an employee's unlocked locker.
June 13, 2014
News
After nearly five years at the Office of the National Coordinator for Health IT, Chief Privacy Officer Joy Pritts will be leaving her post later this summer.
June 12, 2014
News
Kevin Johnson is a professional hacker -- albeit a self-described ethical one. As head of the security consulting firm Secure Ideas, his job involves probing into organizations' networks and applications to identify vulnerabilities. What he sees in healthcare terrifies him.
June 11, 2014
News
The University of Cincinnati Medical Center is at the center of a legal battle that is the nightmare of every healthcare organization corporate counsel. The allegation is that a financial services employee of the hospital accessed the detailed billing records of a patient with a sexually transmitted disease and deliberately and maliciously published those records on Facebook, taunting and ridiculing the patient.
June 10, 2014
News
A Pennsylvania-based hospital is notifying nearly 2,000 patients of a HIPAA breach after an employee accessed and transmitted patients' protected health data outside of the hospital's secure network.
June 9, 2014
News
Does your organization have a comprehensive data governance program? If not, you're not alone. But you're also not close to where you should be if you want to provide better care at lower cost, according to a new report.
June 4, 2014
News
Healthcare's all about the patients, right? But far too often, there's a disconnect -- the idea that the care ends when the patient exits the building or a diagnosis is made, the idea that clinical deals with clinical and information technology deals with IT.
June 4, 2014
News
As the Cleveland Clinic adds its prestigious name to the hospital groups that have embraced next-generation medical kiosks, healthcare IT executives are wrestling with the powerful pros and cons of such a move.
June 4, 2014
News
Apple on Monday touted its work with the Mayo Clinic as it rolled out an app that would piece together healthcare information from many third-party apps -- including one from Mayo -- to give consumers a comprehensive medical view on a mobile device.
June 3, 2014
News
More than twice as many people as first suspected have been put at risk by a massive data breach at UPMC health system.
June 2, 2014
News
In its newly released semiannual report to Congress, OIG says it focused on "core risk areas" associated with the marketplaces, including eligibility systems, payment accuracy, contractor oversight, and data security.
May 30, 2014
News
Many healthcare organizations are recognizing the need for a more efficient and effective approach for addressing the HIPAA Security and Privacy rules, and other evolving compliance and security challenges. This paper explores one such solution: unified security monitoring. Unified security monitoring goes well beyond simplifying and automating HIPAA compliance. With always-on coverage and protection, it provides a mechanism for strengthening a healthcare organization’s overall security posture, while reducing ongoing operational risk.
October 9, 2013
Resource
sites/default/files/resource-media/pdf/tenable_for_healthcare_compliance_1.pdf
Are you prepared for the HITECH Omnibus Final Rule effective Sept 23, 2013? The final ruling has far-reaching authority and penalties for noncompliance; unfortunately, most are unclear on what the requirements mean for their organization and how to secure protected health information (PHI).
September 17, 2013
Resource
http://www.medtechwebinars.com/registration/webinar/addressing-final-hipaa-omnibus-rule-and-securing-protected-health-information?affiliatedata=website
Healthcare organizations are increasingly dependent on web-based technologies to improve patient engagement and address government incentive and regulatory requirements. The success of electronic healthcare record (EHR) initiatives depends on how effectively patients can obtain and manage their health-related information securely online.
August 28, 2013
Resource
http://www.medtechwebinars.com/registration/webinar/securing-patient-portals-what-you-need-know-comply-hipaa-and-meaningful-use?affiliatedata=website
Patient engagement and electronic HIE are the game changers of Stage 2 meaningful use requirements, which were designed to further expand the meaningful use of certified EHR technology. For patient engagement, the Centers for Medicare and Medicaid Services added two core objectives – providing patients with online access to health information and providing secure messaging between patient and provider. This white paper highlights results from a study conducted by IDR Medical GmbH that surveyed 1,000 U.S.-based patients regarding their attitude toward patient portal technologies. Find out why the results show strong validation for imaging portal demand and need.
August 28, 2013
Resource
sites/default/files/resource-media/pdf/carestream_white_paper_updated_082813.pdf
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
May 23, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliabilitycost_0423_final.pdf
Hospitals and health systems have invested significant funds and other resources to meet numerous strategic enterprise initiatives such as ICD-10, Meaningful Use, HIPAA requirements, whether to join or form an ACO, and others. Executives from four major health systems came together for a roundtable discussion on how employing an integrated strategy has helped them overcome challenges and achieve goals.
Learn how leading healthcare organizations are:
• Educating stakeholders on the ultimate benefits of the initiatives
• Adopting methodologies that streamline workflows and reduce costs
• Sharing information and promoting best practices across the enterprise
• Avoiding initiatives being deployed in silos
• Knowing when to partner with trusted organizations to achieve initiatives more rapidly and efficiently
April 30, 2013
Resource
sites/default/files/resource-media/pdf/roundtable_article_final.pdf
What are the most important questions to ask when selecting a secure texting solution? Find out what really matters by reading this whitepaper on the 10 most important things to know when evaluating a solution.
April 19, 2013
Resource
sites/default/files/resource-media/pdf/tigertext_white_paper_-_top_10_considerations_when_selecting_a_secure_text_messaging_solution.pdf
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
April 2, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliability_final.pdf
This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building an identity and access management strategy for the extended enterprise. This report will help you understand the major business and IT trends affecting identity and access management (IAM) during the next five years. Learn why applying a Zero Trust information security model to IAM helps security teams unify and improve access control across the extended enterprise.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/forrester_navigate_the_future_of_identity_and_access_management_final.pdf
Healthcare IT departments must defend against complex internal and external threats while still maintaining compliance with HIPAA/HITECH. The same is true for businesses of all kinds – they are simply overwhelmed. Clearly, organizational risk management has reached a critical juncture. A July 2012 IDG Research Services poll of CIOs and IT managers underscores the gravity of the situation. The results provide important data about how enterprises view compliance overall, and identity management and access governance in particular.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_idg_why_it_pays_to_take_a_busines-centric_approach_to_compli.pdf
Organizations of all kinds, including those in the healthcare industry, are doing business in new ways, thanks to new IT infrastructure technologies like virtualization, cloud computing and mobility, which are changing how users interact with information and with each other. As the enterprise becomes more interconnected and distributed, business agility increases; but information security specialists face new challenges around maintaining effective security and monitoring controls.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_realtimesecurityintelligence_print.pdf
Organizations are consuming software-as-a-service applications at an ever-accelerating rate. While the advantages of SaaS applications are many, so are the potential pitfalls of unauthorized access. As these applications become increasingly popular, the need to manage access to SaaS-hosted information becomes even more crucial. Security, compliance reporting and ease of access must be balanced to ensure that information in the cloud is protected without impacting your organization's ability to serve patients, healthcare professionals, and business partners.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_extending_access_control_to_cloud_usv.pdf
The vision, as described by Amit Singhal, who is in charge of search for Google, is that instead of typing words into a box, we will have conversations with Google, enabling a much more personalized experience. If you apply this thinking to healthcare, several controversies/topics come to the fore.
May 24, 2013
Blog
Every organization is considering “cloud” approaches for their business, yet if you ask “what is cloud” you’ll get a wide range of answers. This variety of cloud options has an impact on healthcare organizations, especially those contemplating a future cloud strategy aligned to regulatory compliance.
May 6, 2013
Blog
If you’re an IT vendor who services healthcare clients, you’re no doubt well-acquainted with HIPAA compliance rules. And chances are that lately you’ve been hearing rumblings about the new HIPAA Omnibus rule.
April 26, 2013
Blog
All organizations have a business imperative to control risk. For healthcare companies, that corporate responsibility extends to the protection of ePHI within their organization.
April 3, 2013
Blog
To put it mildly, the transition to EHRs comes freighted with a whole host of expectations.
February 7, 2013
Blog
Were you run over by the HIPAA bus yesterday? The Omnibus final rule finally landed with a crunch last night. If you check out #HIPAAbus, you'll see my notes from my blaze through with page numbers.
January 18, 2013
Blog
It’s time for some New Year’s resolutions; and they have nothing to do with eating right, losing weight or exercising. Instead, they have everything to do with protecting against the organizational and financial stresses of data breaches.
January 8, 2013
Blog
As I travel the country, I find that CIOs everywhere are struggling with BYOD in particular but remote access more generally.
November 30, 2012
Blog
Just two and a half years after hosting a workshop on the HIPAA Privacy Rule's de-identification standard, OCR has issued its "Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule."
November 29, 2012
Blog
Google your name. The first results will likely be physician finder sites like RateMDs.com, Health Grades or Vitals, or broad-based service finders like Yelp or InsiderPages. The reviews can be critical to your success as a doctor in today’s world, regardless of whether they are true or not.
November 8, 2012
Blog
Although we all applaud the massive push towards electronic health records and the digitization of medical information, there are some very tangible cybercrime data breach threats that exist which could topple the momentum gained by the launch of the HITECH Act two and a half years ago.
October 31, 2012
Blog
Since I keep track of this stuff, I need to include this BBC story on my blog. It involves a patient in a hospital ward taking a picture of another patient and posting it on Facebook along with an insult.
October 4, 2012
Blog