Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
There's been a lot of talk about compliance lately. Federal and state regulations. HIPAA regulations. But, if you're in charge of healthcare security, compliance is far from sufficient, says Jim Routh, chief information security officer for Aetna, one of the nation's leading diversified healthcare benefits companies.
August 6, 2014
News
ONC's electronic health record certification process has some serious shortcomings -- chief among them security practices that are wholly insufficient to adequately protect patient health information, according to a new report from the Office of Inspector General.
August 5, 2014
News
In many ways, mobile device security is an oxymoron in its current state. In fact, if you're using an Internet of Things-type device, chances are it has an average of 25 hidden vulnerabilities, according to new research, making it a ripe target for hackers.
July 30, 2014
News
A Rhode Island hospital, who nearly two years ago notified 14,000 patients of a HIPAA breach involving their data, agreed Wednesday to hand over $150,000 to settle allegations that it failed to safeguard patient information.
July 24, 2014
News
The joys of unintended consequences never end. The Patient Protection and Affordable Care Act required hospitals to get paid based on how much they improved their patients' health rather than on how many tests and procedures were completed. The intent was to improve patient care.
July 24, 2014
News
Johns Hopkins Health System will hand over $190 million to settle a class action privacy lawsuit involving one of its former gynecologists who secretly recorded video and captured photos of patient examinations.
July 22, 2014
News
MemorialCare Health System, a top 100 integrated delivery network, implemented awareness computing technology at the Orange Coast Memorial Medical Center in Fountain Valley, Calif. The goal is to provide roaming clinicians instant access to patient records throughout the hospital, while also ensuring top security.
July 21, 2014
News
Massachusetts healthcare providers are adopting health information technology and health data exchange and drawing consumer support for going digital, according to a new study from Massachusetts eHealth Institute.
July 18, 2014
News
Sure, HIPAA adds a layer of privacy protection for certain health data -- if organizations actually comply with it -- but there remains myriad avenues of mining health data and selling to the highest bidder that do not fall under the purview of HIPAA's privacy and security rules. And they may surprise you.
July 16, 2014
News
Few healthcare IT policies these days are as delicate, sensitive and potentially emotionally explosive as efforts to restrict or regulate employee social media activity. And yet hospital hierarchies are routinely stepping on these political minefields as providers try to protect their reputations.
July 15, 2014
News
The Office of the National Coordinator for Health IT continues to reshape itself as it adjusts to funding limits. To that end, National Coordinator Karen DeSalvo, MD, has outlined a new working group structure for ONC's Health IT Policy Committee.
July 14, 2014
News
The latest revelations from Edward Snowden's document leaks show that not much is beyond the grasp of the National Security Agency -- not even electronic medical records.
July 7, 2014
News
For enterprises looking at NGFWs, the most important consideration is: Will this new technology empower your security teams to securely enable applications to the benefit of the organization? It's not about blocking applications, but safely enabling these applications at the firewall.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/10-things.pdf
Protect
Cybersecurity has become a leading topic both within and beyond the corporate boardroom. What enterprises need to stop the escalation of cyberattacks is a network security approach that is designed from the outset to enable the safe use of the applications and technologies required to support a thriving business.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/cybersecurity-imperatives.pdf
Protect
This paper examines three different organizations, the legacy infrastructure they replaced, the Palo Alto Networks next generation security platform they deployed, and the substantial savings they realized - cutting both capital and operations costs by an average of 50%.
January 31, 2014
Resource
sites/default/files/resource-media/pdf/reducing-costs-with-nextgen-security.pdf
Protect
Iron Mountain has prepared this primer to help you navigate the changes in HIPAA, clarify the role of vendors and other third parties, and heighten your awareness of best practices that will aid in compliance and improve the management of both paper and electronic health records.
October 21, 2013
Resource
sites/default/files/resource-media/pdf/hipaa_primer-andthe-omnibus_final_rule_2013.pdf
Protect
Many healthcare organizations are recognizing the need for a more efficient and effective approach for addressing the HIPAA Security and Privacy rules, and other evolving compliance and security challenges. This paper explores one such solution: unified security monitoring. Unified security monitoring goes well beyond simplifying and automating HIPAA compliance. With always-on coverage and protection, it provides a mechanism for strengthening a healthcare organization’s overall security posture, while reducing ongoing operational risk.
October 9, 2013
Resource
sites/default/files/resource-media/pdf/tenable_for_healthcare_compliance_1.pdf
Protect
Are you prepared for the HITECH Omnibus Final Rule effective Sept 23, 2013? The final ruling has far reaching authority and penalties for noncompliance; unfortunately, most are unclear what the requirements mean for their organization and how to secure protected health information (PHI).
September 17, 2013
Resource
Do Not Protect
http://www.medtechwebinars.com/registration/webinar/addressing-final-hipaa-omnibus-rule-and-securing-protected-health-information?affiliatedata=website
Healthcare organizations are increasingly dependent on web-based technologies to improve patient engagement and address government incentive and regulatory requirements. The success of electronic healthcare record (EHR) initiatives depend on how effectively patients can obtain and manage their health related information securely online.
August 28, 2013
Resource
Do Not Protect
http://www.medtechwebinars.com/registration/webinar/securing-patient-portals-what-you-need-know-comply-hipaa-and-meaningful-use?affiliatedata=website
Patient engagement and electronic HIE are the game changers of Stage 2 meaningful use requirements, which were designed to further expand the meaningful use of certified EHR technology. For patient engagement, the Centers for Medicare and Medicaid Services added two core objectives – providing patients with online access to health information and providing secure messaging between patient and provider. This white paper highlights results from a study conducted by IDR Medical GmbH that surveyed 1,000 U.S.-based patients regarding their attitude toward patient portal technologies. Find out why the results show strong validation for imaging portal demand and need.
August 28, 2013
Resource
sites/default/files/resource-media/pdf/carestream_white_paper_updated_082813.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
May 23, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliabilitycost_0423_final.pdf
Protect
Hospitals and health systems have invested significant funds and other resources to meet numerous strategic enterprise initiatives such as ICD-10, Meaningful Use, HIPAA requirements, whether to join or form an ACO, and others. Executives from four major health systems came together for a roundtable discussion on how employing an integrated strategy has helped them overcome challenges and achieve goals. <br> </br> Learn how leading healthcare organizations are:<br> </br> • Educating stakeholders on the ultimate benefits of the initiatives<br> • Adopting methodologies that streamline workflows and reduce costs<br> • Sharing information and promoting best practices across the enterprise<br> • Avoiding initiatives being deployed in silos<br> • Knowing when to partner with trusted organizations to achieve initiatives more rapidly and efficiently<br>
April 30, 2013
Resource
sites/default/files/resource-media/pdf/roundtable_article_final.pdf
Protect
What are the most important questions to ask when selecting a secure texting solution? Find out what really matters by reading this whitepaper on the 10 most important things to know when evaluating a solution.
April 19, 2013
Resource
sites/default/files/resource-media/pdf/tigertext_white_paper_-_top_10_considerations_when_selecting_a_secure_text_messaging_solution.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
April 2, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliability_final.pdf
Protect
Google your name. The first results will likely be physician finder sites like RateMDs.com, Health Grades or Vitals, or broad-based service finders like Yelp or InsiderPages. The reviews can be critical to your success as a doctor in today’s world, regardless of whether they are true or not.
November 8, 2012
Blog
Although we all applaud the massive push towards electronic health records and the digitization of medical information, there are some very tangible cybercrime data breach threats that exist which could topple the momentum gained by the launch of the HITECH Act two and half years ago.
October 31, 2012
Blog
Since I keep track of this stuff, I need to include this BBC story on my blog. It involves a patient in a hospital ward taking a picture of another patient and posting it on Facebook along with an insult.
October 4, 2012
Blog
I’ve always been of the opinion that anything I disseminate via social media is pretty much fair game, and I try to play by the golden rule of “If you don’t want it used against you in a court of law, don’t tweet it, post it, link it, pin it, etc.”
July 9, 2012
Blog
At the weekly healthcare and social media tweet chat (#HITsm), hosted by HL7 Standards, participants discussed four previously posed questions, exploring the practical use of social media in the healthcare space. Here is a roundup of the best responses.
July 6, 2012
Blog
One major issue facing private and public Health Information Exchanges (HIE) is how to ensure patients privacy preferences are respected by obtaining their consent before data is shared.
June 20, 2012
Blog
America’s population is aging, insurance enrollment is growing, healthcare utilization is increasing, and the cost of delivering medical care is rising. As a result, many companies in the healthcare industry are being challenged to serve more patients and members, to improve the quality of care, and to reduce operational costs.
June 14, 2012
Blog
As we continue the journey to protect corporate data that is accessed from personal mobile devices, we're developing increasingly rigorous policies that rebalance individual preferences with corporate compliance requirements.
May 23, 2012
Blog
The Ponemon Institute recently released their Second Annual Benchmark Survey on Patient Privacy and Data Security. The study focused on actual data loss experience from a sample of 72 healthcare organizations. Co3 Systems created a Top 10 breach/data loss objectives list that helps organizations with the necessary steps in preparation of potential data breach.
May 17, 2012
Blog
There’s a fight going on about the adoption of health information technology in our country. This fight isn’t necessary and it shouldn’t be happening, but it is happening nonetheless – and patients have a lot at stake.
May 2, 2012
Blog
The Acting General Counsel of the National Labor Relations Board released a second report on outcome investigations involving social media that were submitted by regional offices and it underscores two main points.
May 2, 2012
Blog
Todd Park (@todd_park), United States chief technology officer for the Obama Administration, engaged in a live Twitter chat as part of Big Data Week, a string of community-led events relating to big data. Here is a Twitter recap of the Q&A.
April 25, 2012
Blog