Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
Few healthcare IT policies these days are as delicate, sensitive and potentially emotionally explosive as efforts to restrict or regulate employee social media activity. And yet hospital hierarchies are routinely stepping on these political minefields as providers try to protect their reputations.
July 15, 2014
News
The Office of the National Coordinator for Health IT continues to reshape itself as it adjusts to funding limits. To that end, National Coordinator Karen DeSalvo, MD, has outlined a new working group structure for ONC's Health IT Policy Committee.
July 14, 2014
News
The latest revelations from Edward Snowden's document leaks show that not much is beyond the grasp of the National Security Agency -- not even electronic medical records.
July 7, 2014
News
As director of health information technology policy and programs for the National Partnership for Women and Families, Mark Savage keeps a close watch on healthcare information technology, along with all other aspects of patient care.
July 5, 2014
News
The Office for Civil Rights, the HHS division responsible for enforcing HIPAA, is slated to get a new director after the official departure of Leon Rodriguez.
July 2, 2014
News
When an organization experiences a major data breach and puts out a news release, the point is to comfort people that the news isn't as bad as it sounds. But at the same time, it's critical to be precise with language -- lest that organization be compelled to subsequently issue the dreaded, "What we actually meant to say in Monday's statement…" statement.
July 1, 2014
News
Call it big data bloodlust: The more health information being generated by a growing contingency of apps, devices, electronic health records, mHealth sensors and wearables, the broader and stronger the desire for that data becomes.
June 30, 2014
News
In one of the largest HIPAA breaches ever reported, the Montana Department of Public Health and Human Services is notifying some 1.3 million people after hackers gained unfettered access to an agency server for nearly a year before being discovered.
June 25, 2014
News
More than 60 percent of all industries worldwide embrace BYOD, says Mac McMillan, CEO of the information security company CynergisTek and chairman of the HIMSS Privacy and Security Task Force. In healthcare, that number stands at around 85 percent, with 92 percent of that number saying personal mobile devices are in use multiple times every day.
June 25, 2014
News
As myriad healthcare organizations have attested, the aftermath of a HIPAA violation generally isn't a pretty sight, especially when it comes to one's bank account. One Indiana-based health system has witnessed this reality after being slapped with an $800,000 settlement for violating the HIPAA Privacy Rule.
June 24, 2014
News
The U.S. Department of Health & Human Services has launched a federal probe into HIPAA privacy violations at the University of Cincinnati Medical Center, according to an HHS spokesperson.
June 24, 2014
News
Data attacks on healthcare organizations have increased a whopping 100 percent from just four years ago, a reality that has chief security and information officers in a dash to stay ahead of the data protection curve.
June 23, 2014
News
For enterprises looking at NGFWs, the most important consideration is: Will this new technology empower your security teams to securely enable applications to the benefit of the organization? It's not about blocking applications, but safely enabling these applications at the firewall.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/10-things.pdf
Protect
Cybersecurity has become a leading topic both within and beyond the corporate boardroom. What enterprises need to stop the escalation of cyberattacks is a network security approach that is designed from the outset to enable the safe use of the applications and technologies required to support a thriving business.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/cybersecurity-imperatives.pdf
Protect
This paper examines three different organizations, the legacy infrastructure they replaced, the Palo Alto Networks next generation security platform they deployed, and the substantial savings they realized - cutting both capital and operations costs by an average of 50%.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/reducing-costs-with-nextgen-security.pdf
Protect
Iron Mountain has prepared this primer to help you navigate the changes in HIPAA, clarify the role of vendors and other third parties, and heighten your awareness of best practices that will aid in compliance and improve the management of both paper and electronic health records.
October 21, 2013
Resource
sites/default/files/resource-media/pdf/hipaa_primer-andthe-omnibus_final_rule_2013.pdf
Protect
Many healthcare organizations are recognizing the need for a more efficient and effective approach for addressing the HIPAA Security and Privacy rules, and other evolving compliance and security challenges. This paper explores one such solution: unified security monitoring. Unified security monitoring goes well beyond simplifying and automating HIPAA compliance. With always-on coverage and protection, it provides a mechanism for strengthening a healthcare organization’s overall security posture, while reducing ongoing operational risk.
October 9, 2013
Resource
sites/default/files/resource-media/pdf/tenable_for_healthcare_compliance_1.pdf
Protect
Are you prepared for the HITECH Omnibus Final Rule effective Sept 23, 2013? The final ruling has far reaching authority and penalties for noncompliance; unfortunately, most are unclear what the requirements mean for their organization and how to secure protected health information (PHI).
September 17, 2013
Resource
Do Not Protect
http://www.medtechwebinars.com/registration/webinar/addressing-final-hipaa-omnibus-rule-and-securing-protected-health-information?affiliatedata=website
Healthcare organizations are increasingly dependent on web-based technologies to improve patient engagement and address government incentive and regulatory requirements. The success of electronic healthcare record (EHR) initiatives depend on how effectively patients can obtain and manage their health related information securely online.
August 28, 2013
Resource
Do Not Protect
http://www.medtechwebinars.com/registration/webinar/securing-patient-portals-what-you-need-know-comply-hipaa-and-meaningful-use?affiliatedata=website
Patient engagement and electronic HIE are the game changers of Stage 2 meaningful use requirements, which were designed to further expand the meaningful use of certified EHR technology. For patient engagement, the Centers for Medicare and Medicaid Services added two core objectives – providing patients with online access to health information and providing secure messaging between patient and provider. This white paper highlights results from a study conducted by IDR Medical GmbH that surveyed 1,000 U.S.-based patients regarding their attitude toward patient portal technologies. Find out why the results show strong validation for imaging portal demand and need.
August 28, 2013
Resource
sites/default/files/resource-media/pdf/carestream_white_paper_updated_082813.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
May 23, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliabilitycost_0423_final.pdf
Protect
Hospitals and health systems have invested significant funds and other resources to meet numerous strategic enterprise initiatives such as ICD-10, Meaningful Use, HIPAA requirements, whether to join or form an ACO, and others. Executives from four major health systems came together for a roundtable discussion on how employing an integrated strategy has helped them overcome challenges and achieve goals. <br> </br> Learn how leading healthcare organizations are:<br> </br> • Educating stakeholders on the ultimate benefits of the initiatives<br> • Adopting methodologies that streamline workflows and reduce costs<br> • Sharing information and promoting best practices across the enterprise<br> • Avoiding initiatives being deployed in silos<br> • Knowing when to partner with trusted organizations to achieve initiatives more rapidly and efficiently<br>
April 30, 2013
Resource
sites/default/files/resource-media/pdf/roundtable_article_final.pdf
Protect
What are the most important questions to ask when selecting a secure texting solution? Find out what really matters by reading this whitepaper on the 10 most important things to know when evaluating a solution.
April 19, 2013
Resource
sites/default/files/resource-media/pdf/tigertext_white_paper_-_top_10_considerations_when_selecting_a_secure_text_messaging_solution.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
April 2, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliability_final.pdf
Protect
While role-based access control has uses in every industry, healthcare systems in particular can benefit from a proper implementation of these solutions.
August 26, 2013
Blog
As healthcare providers rely more and more on evolving technologies to store and transmit their data, compliance has become an increasingly complex landscape to navigate.
August 2, 2013
Blog
I have been following the news about the National Security Agency (NSA) access to our phone records with great interest. If we as a society don’t sort some of this out, we’ll see a repeat in the health sector a few years from now.
June 26, 2013
Blog
The vision, as described by Amit Singhal, who is in charge of search for Google, is that instead of typing words into a box, we will have conversations with Google, enabling a much more personalized experience. If you apply this thinking to healthcare, several controversies/topics come to the fore.
May 24, 2013
Blog
Every organization is considering “cloud” approaches for their business, yet if you ask “what is cloud” you’ll get a wide range of answers. This variety of cloud options has an impact on healthcare organizations, especially those contemplating a future cloud strategy aligned to regulatory compliance.
May 6, 2013
Blog
If you’re an IT vendor who services healthcare clients, you’re no doubt well-acquainted with HIPAA compliance rules. And chances are that lately you’ve been hearing rumblings about the new HIPAA Omnibus rule.
April 26, 2013
Blog
All organizations have a business imperative to control risk. For healthcare companies that corporate responsibility extends to the protection of ePHI within their organization.
April 3, 2013
Blog
To put it mildly, the transition to EHRs comes freighted with a whole host of expectations.
February 7, 2013
Blog
Were you run over by the HIPAA bus yesterday? The Omnibus final rule finally landed with a crunch last night. If you check out #HIPAAbus, you'll see my notes from my blaze through with page numbers.
January 18, 2013
Blog
t’s time for some New Year’s resolutions; and they have nothing to do with eating right, losing weight or exercising. Instead, they have everything to do with protecting against the organizational and financial stresses of data breaches.
January 8, 2013
Blog
As I travel the country, I find that CIOs everywhere are struggling with BYOD in particular but remote access more generally.
November 30, 2012
Blog
Just two and a half years after hosting a workshop on the HIPAA Privacy Rule's de-identification standard, OCR has issued its "Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule."
November 29, 2012
Blog