Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
In one of her first orders of business as new Health and Human Services Secretary, Sylvia Mathews Burwell has made management changes aimed at ensuring that HealthCare.gov is robust enough to handle the upcoming open enrollment period.
June 23, 2014
News
Some 90 percent of healthcare organizations have reported at least one data breach in the past two years, with more than a third seeing more than five breaches. Gerry Hinkley, partner at Pillsbury Winthrop Shaw Pittman's healthcare practice, says breach response is where many make major missteps, mistakes that can easily be avoided.
June 20, 2014
News
More than 20,000 patients seen at a San Diego hospital are getting HIPAA breach notification letters after employees on two separate occasions emailed protected health information to job applicants by mistake. One incident occurred nearly two years ago.
June 19, 2014
News
It's not just the thought of having a data security breach that concerns Kaiser Permanente's Jim Doggett. It's the far-reaching damage such an event could wreak that really keeps him up at night.
June 17, 2014
News
Eighty percent of respondents to the inaugural 2014 HIMSS Analytics Cloud Survey say they currently use cloud-based IT services, for everything from human resources technology to data backup and disaster recovery. Still qualms about performance and privacy persist.
June 17, 2014
News
Imagine if almost everyone walking into your hospital -- patients, doctors, visitors, salespeople -- was carrying an active homing beacon, which broadcast, unencrypted, their presence and repeatedly updated exact location to anyone who chose to listen.
June 16, 2014
News
As anyone who's ever worked for IT security can attest, the job is no walk in the park. New threats, compliance mandates, vulnerabilities and updates are constant. But with strong leadership, and a culture of compliance and responsibility to match, many healthcare organizations have shown it can be done right -- and well.
June 13, 2014
News
A Northern California hospital is reevaluating its security policies after an unencrypted USB drive containing the protected health information of nearly 34,000 patients was stolen from an employee's unlocked locker.
June 13, 2014
News
After nearly five years at the Office of the National Coordinator for Health IT, Chief Privacy Officer Joy Pritts will be leaving her post later this summer.
June 12, 2014
News
Kevin Johnson is a professional hacker -- albeit a self-described ethical one. As head of the security consulting firm Secure Ideas, his job involves probing into organizations' networks and applications to identify vulnerabilities. What he sees in healthcare terrifies him.
June 11, 2014
News
The University of Cincinnati Medical Center is at the center of a legal battle that is the nightmare of every healthcare organization corporate counsel. The allegation is that a financial services employee of the hospital accessed the detailed billing records of a patient with a sexually transmitted disease and deliberately and maliciously published those records on Facebook, taunting and ridiculing the patient.
June 10, 2014
News
A Pennsylvania-based hospital is notifying nearly 2,000 patients of a HIPAA breach after an employee accessed and transmitted patients' protected health data outside of the hospital's secure network.
June 9, 2014
News
This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building an identity and access management strategy for the extended enterprise. This report will help you understand the major business and IT trends affecting identity and access management (IAM) during the next five years. Learn why applying a Zero Trust information security model to IAM helps security teams unify and improve access control across the extended enterprise.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/forrester_navigate_the_future_of_identity_and_access_management_final.pdf
Protect
Healthcare IT departments must defend against complex internal and external threats while still maintaining compliance with HIPAA/HITCH. The same is true for businesses of all kinds – they are simply overwhelmed. Clearly, organizational risk management has reached a critical juncture. A July 2012 IDG Research Services poll of CIOs and IT managers underscores the gravity of the situation. The results provide important data about how enterprises view compliance overall, and identity management and access governance in particular.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_idg_why_it_pays_to_take_a_busines-centric_approach_to_compli.pdf
Protect
Organizations of all kinds, including those in the healthcare industry, are doing business in new ways, thanks to new IT infrastructure technologies like virtualization, cloud computing and mobility, which are changing how users interact with information and with each other. As the enterprise becomes more interconnected and distributed, business agility increases; but information security specialists face new challenges around maintaining effective security and monitoring controls.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_realtimesecurityintelligence_print.pdf
Protect
Organizations are consuming software-as-a-service applications at an ever-accelerating rate. While the advantages of SaaS applications are many, so are the potential pitfalls of unauthorized access. As these applications become increasingly popular, the need to manage access SaaS-hosted information becomes even more crucial. Security, compliance reporting and ease of access must be balanced to ensure that information in the cloud is protected without impacting your organizations ability to serve patients, healthcare professionals, and business partners.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_extending_access_control_to_cloud_usv.pdf
Protect
Given the risks throughout today's complex threat and regulatory landscapes, your need to effectively and securely manage access to critical resources has never been greater. You need to know exactly who has access to what resources and if that access is appropriate. This is as true for the healthcare industry as it is for every other, highly regulated industry. As threats become more sophisticated, so does the speed with which your organization must respond to them.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_identity_and_access_governance_bringing_business_and_it_toge.pdf
Protect
The only thing that is constant is change. This old adage has never been truer for the healthcare industry than it is today. Businesses of all kinds must manage their systems in the face of ever growing and changing complexities. Good Identity and Access Governance practices are front and center in the ongoing battle to deal with constant change effectively.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_managing_change_and_complexity_with_identity_and_access_gove._1.pdf
Protect
For provider organizations, tools that drive improved performance of legacy clinical applications as well as improve security and create efficiencies in the management of client computing are increasingly becoming critical for healthcare organizations. Desktop virtualization technology is increasingly being used by providers to realize these advantages.
March 13, 2013
Resource
sites/default/files/resource-media/pdf/netapp_hc_wp_desktop_virtualization_031213.pdf
Protect
Agility is central to delivering excellence in patient care. However, healthcare organizations have entered a new era of scale in which the amount of data captured, processed, and stored is breaking down every architectural construct in the storage industry. NetApp delivers innovative technologies and capabilities for an agile data infrastructure that address the challenges of big data scale, enabling healthcare providers to gain insight into massive datasets, move data quickly, and store important content for long periods of time.
March 13, 2013
Resource
sites/default/files/resource-media/pdf/netapp_hc_wp_patient_care_clinical_data_031213.pdf
Protect
This white paper focuses on how an EHR-Extender (EHR-e) can help hospitals leverage data trapped in the EHR and other clinical systems to establish better care team communication. The result of contextual critical alerts and texts are improved communication and enhanced workflows which makes patients, healthcare staff, administration, and regulators happy.
January 2, 2013
Resource
sites/default/files/resource-media/pdf/extension_wp_beyond_the_ehr_final.2012.12.11.pdf
Protect
Watch this informative video to learn more about EXTENSION's most popular clinical workflow solutions for nurses and physicians inluding nurse call integration, mobile critical lab notifications, mobile report availability, mobile STAT order notifications, HIPAA-compliant texting and more. EXTENSION's mobile point-of-care solutions improve staff satisfaction, patient safety, and HCAHPS scores.
January 2, 2013
Resource
Protect
http://www.medtechmedia.com/files/resource_central/HealthAlert_Overview_Video.mov
Google your name. The first results will likely be physician finder sites like RateMDs.com, Health Grades or Vitals, or broad-based service finders like Yelp or InsiderPages. The reviews can be critical to your success as a doctor in today’s world, regardless of whether they are true or not.
November 8, 2012
Blog
Although we all applaud the massive push towards electronic health records and the digitization of medical information, there are some very tangible cybercrime data breach threats that exist which could topple the momentum gained by the launch of the HITECH Act two and half years ago.
October 31, 2012
Blog
Since I keep track of this stuff, I need to include this BBC story on my blog. It involves a patient in a hospital ward taking a picture of another patient and posting it on Facebook along with an insult.
October 4, 2012
Blog
I’ve always been of the opinion that anything I disseminate via social media is pretty much fair game, and I try to play by the golden rule of “If you don’t want it used against you in a court of law, don’t tweet it, post it, link it, pin it, etc.”
July 9, 2012
Blog
At the weekly healthcare and social media tweet chat (#HITsm), hosted by HL7 Standards, participants discussed four previously posed questions, exploring the practical use of social media in the healthcare space. Here is a roundup of the best responses.
July 6, 2012
Blog
One major issue facing private and public Health Information Exchanges (HIE) is how to ensure patients privacy preferences are respected by obtaining their consent before data is shared.
June 20, 2012
Blog
America’s population is aging, insurance enrollment is growing, healthcare utilization is increasing, and the cost of delivering medical care is rising. As a result, many companies in the healthcare industry are being challenged to serve more patients and members, to improve the quality of care, and to reduce operational costs.
June 14, 2012
Blog
As we continue the journey to protect corporate data that is accessed from personal mobile devices, we're developing increasingly rigorous policies that rebalance individual preferences with corporate compliance requirements.
May 23, 2012
Blog
The Ponemon Institute recently released their Second Annual Benchmark Survey on Patient Privacy and Data Security. The study focused on actual data loss experience from a sample of 72 healthcare organizations. Co3 Systems created a Top 10 breach/data loss objectives list that helps organizations with the necessary steps in preparation of potential data breach.
May 17, 2012
Blog
There’s a fight going on about the adoption of health information technology in our country. This fight isn’t necessary and it shouldn’t be happening, but it is happening nonetheless – and patients have a lot at stake.
May 2, 2012
Blog
The Acting General Counsel of the National Labor Relations Board released a second report on outcome investigations involving social media that were submitted by regional offices and it underscores two main points.
May 2, 2012
Blog
Todd Park (@todd_park), United States chief technology officer for the Obama Administration, engaged in a live Twitter chat as part of Big Data Week, a string of community-led events relating to big data. Here is a Twitter recap of the Q&A.
April 25, 2012
Blog