Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
The Healthcare IT News/HIMSS Media Privacy & Security Forum in Boston featured 47 speakers who shared info and strategized over how to combat cybercrime and other pressing challenges to patient data. Here are four takeaways from the event.
September 17, 2014
News
Texas Health is hardly the only hospital or health network that struggles to convince the CEO, CFO or other board members just how critical funding security initiatives and technologies really is, but it did use a unique approach to get their attention.
September 17, 2014
News
A Huntsville, Ala., clinical diagnostics laboratory has notified more than 7,000 individuals of a HIPAA breach after the company discovered protected health information contained on a third-party server had been unsecured for nearly three years.
September 11, 2014
News
With the war already underway, how can hospitals and networks prepare? Chief information security officers share insights about shifting toward more sophisticated information security tactics.
September 11, 2014
News
When the Office for Civil Rights knocks on your door, asking about HIPAA compliance, it pays to be ready. And OCR is looking to audit providers ranging from large to small, and across a wide geographical distribution.
September 10, 2014
News
The fear of breaches, subsequent fines and reputation loss are among the reasons why some healthcare technology leaders have been hesitant to embrace cloud-based technology writ large. They need not fear, but should be informed.
September 8, 2014
News
Apple is expected to launch HealthKit on Tuesday along with a new iPhone and a much anticipated wearable device, called iWatch. But while the company is working hard to show that privacy rules for its new health platform offer adequate protections, recent high-profile security breaches call its efforts into question.
September 8, 2014
News
HealthCare.gov, the government's insurance enrollment website, was breached in July by a hacker or hackers, according to CMS officials at a briefing on Thursday. The officials said that while the intruders uploaded malware, they took no personal information.
September 5, 2014
News
The 47th and final speaker to join the HIMSS Media and Healthcare IT News Privacy & Security Forum in Boston Sept. 8-9 has quite a tale to tell. Boston Children's Hospital Senior Vice President and CIO Daniel Nigrin, MD, confirmed Sept. 2 that he will speak at the forum.
September 3, 2014
News
Our monthly "Benchmarks" report finds encouraging news on many healthcare privacy fronts. But some recent high-profile breaches show that security threats are getting harder to defend against each day. That means constant vigilance is a must.
September 2, 2014
News
Two large health insurers are hoping a new "public utility" patient data sharing service will improve one of the most pernicious problems in American healthcare.
August 29, 2014
News
Healthcare privacy and security experts from around the U.S. will gather in Boston, Sept. 8-9 to share information and strategize over how to combat cybercrime, insider threats and other pressing challenges to patient data.
August 28, 2014
News
Patient engagement and electronic HIE are the game changers of Stage 2 meaningful use requirements, which were designed to further expand the meaningful use of certified EHR technology. For patient engagement, the Centers for Medicare and Medicaid Services added two core objectives – providing patients with online access to health information and providing secure messaging between patient and provider. This white paper highlights results from a study conducted by IDR Medical GmbH that surveyed 1,000 U.S.-based patients regarding their attitude toward patient portal technologies. Find out why the results show strong validation for imaging portal demand and need.
August 28, 2013
Resource
sites/default/files/resource-media/pdf/carestream_white_paper_updated_082813.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
May 23, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliabilitycost_0423_final.pdf
Protect
Hospitals and health systems have invested significant funds and other resources to meet numerous strategic enterprise initiatives such as ICD-10, Meaningful Use, HIPAA requirements, whether to join or form an ACO, and others. Executives from four major health systems came together for a roundtable discussion on how employing an integrated strategy has helped them overcome challenges and achieve goals. <br> </br> Learn how leading healthcare organizations are:<br> </br> • Educating stakeholders on the ultimate benefits of the initiatives<br> • Adopting methodologies that streamline workflows and reduce costs<br> • Sharing information and promoting best practices across the enterprise<br> • Avoiding initiatives being deployed in silos<br> • Knowing when to partner with trusted organizations to achieve initiatives more rapidly and efficiently<br>
April 30, 2013
Resource
sites/default/files/resource-media/pdf/roundtable_article_final.pdf
Protect
What are the most important questions to ask when selecting a secure texting solution? Find out what really matters by reading this whitepaper on the 10 most important things to know when evaluating a solution.
April 19, 2013
Resource
sites/default/files/resource-media/pdf/tigertext_white_paper_-_top_10_considerations_when_selecting_a_secure_text_messaging_solution.pdf
Protect
Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach.
April 2, 2013
Resource
sites/default/files/resource-media/pdf/apptix_whitepaper_cloudreliability_final.pdf
Protect
This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building an identity and access management strategy for the extended enterprise. This report will help you understand the major business and IT trends affecting identity and access management (IAM) during the next five years. Learn why applying a Zero Trust information security model to IAM helps security teams unify and improve access control across the extended enterprise.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/forrester_navigate_the_future_of_identity_and_access_management_final.pdf
Protect
Healthcare IT departments must defend against complex internal and external threats while still maintaining compliance with HIPAA/HITCH. The same is true for businesses of all kinds – they are simply overwhelmed. Clearly, organizational risk management has reached a critical juncture. A July 2012 IDG Research Services poll of CIOs and IT managers underscores the gravity of the situation. The results provide important data about how enterprises view compliance overall, and identity management and access governance in particular.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_idg_why_it_pays_to_take_a_busines-centric_approach_to_compli.pdf
Protect
Organizations of all kinds, including those in the healthcare industry, are doing business in new ways, thanks to new IT infrastructure technologies like virtualization, cloud computing and mobility, which are changing how users interact with information and with each other. As the enterprise becomes more interconnected and distributed, business agility increases; but information security specialists face new challenges around maintaining effective security and monitoring controls.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_realtimesecurityintelligence_print.pdf
Protect
Organizations are consuming software-as-a-service applications at an ever-accelerating rate. While the advantages of SaaS applications are many, so are the potential pitfalls of unauthorized access. As these applications become increasingly popular, the need to manage access SaaS-hosted information becomes even more crucial. Security, compliance reporting and ease of access must be balanced to ensure that information in the cloud is protected without impacting your organizations ability to serve patients, healthcare professionals, and business partners.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_extending_access_control_to_cloud_usv.pdf
Protect
Given the risks throughout today's complex threat and regulatory landscapes, your need to effectively and securely manage access to critical resources has never been greater. You need to know exactly who has access to what resources and if that access is appropriate. This is as true for the healthcare industry as it is for every other, highly regulated industry. As threats become more sophisticated, so does the speed with which your organization must respond to them.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_identity_and_access_governance_bringing_business_and_it_toge.pdf
Protect
The only thing that is constant is change. This old adage has never been truer for the healthcare industry than it is today. Businesses of all kinds must manage their systems in the face of ever growing and changing complexities. Good Identity and Access Governance practices are front and center in the ongoing battle to deal with constant change effectively.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_managing_change_and_complexity_with_identity_and_access_gove._1.pdf
Protect
For provider organizations, tools that drive improved performance of legacy clinical applications as well as improve security and create efficiencies in the management of client computing are increasingly becoming critical for healthcare organizations. Desktop virtualization technology is increasingly being used by providers to realize these advantages.
March 13, 2013
Resource
sites/default/files/resource-media/pdf/netapp_hc_wp_desktop_virtualization_031213.pdf
Protect
As the nation begins its pilots of pioneer Accountable Care Organizations and shares more data for care coordination and population management, IT departments will be asked to make clinical records available to increasing numbers of loosely affiliated clinicians and staff.
April 24, 2012
Blog
Healthcare organizations have avoided the use of "public cloud" because of HIPAA/HITECH privacy concerns, lack of breach indemnification/data integrity guarantees, and the unwillingness of many cloud providers to sign business associate agreements.
April 13, 2012
Blog
I was able to talk with Gary Thompson co-founder and CEO of CLOUD Inc. - also known as the Consortium for Local Ownership and Use of Data, Inc.
April 10, 2012
Blog
While many industries are reliant on information technology to deliver services and drive innovation, none is so deeply entwined in IT than healthcare. As such, it should be no surprise that the potential impact of cloud computing is being felt, with mixed feelings, most acutely in this industry.
April 6, 2012
Blog
Like many of you, I made the annual pilgrimage to the HIMSS Conference last month but I didn’t write much publicly about it. Here’s what I learned while I was in Vegas and my takeaways for the rest of the year.
March 27, 2012
Blog
When will our employees learn not to identify patients on Facebook or any other social media site?
January 5, 2012
Blog
Can you hear that clock ticking down to Jan. 1, 2012? If you are among the few in healthcare who are really on the ball, becoming compliant with new ASC-X12 5010 transaction standards ahead of the deadline, then congratulations!
December 13, 2011
Blog
This past week I had the pleasure of traveling, along with MedTech Media Editorial Director Rich Pizzi, to Amelia Island, Fla. for the inaugural HIMSS Leaders & Innovators conference.
November 22, 2011
Blog
I was interviewed for an article on AIS Health that came out last week. The title of this article -- on health care social media and regulatory and legal issues that health care providers may face in using these tools -- struck me as being tinged with hysteria.
November 17, 2011
Blog
The healthcare industry is under constant pressure to streamline the sharing and availability of information, while at the same time maintaining ever-more rigorous controls over patient privacy, and of course, reducing costs at the same time. Therefore cloud computing offers some significant opportunities, perhaps even more significant than in many other industries.
November 15, 2011
Blog
The HITECH Act called for stepped-up HIPAA privacy and security and breach notification rule enforcement with respect to covered entities and business associates, to be accomplished by spot-check audits.
November 9, 2011
Blog
This weekend, I was busy using online applications. While I love doing things online, I do not love signing on to the various websites. This led me to think about my healthcare clients, the clinicians and physicians who need to sign into multiple systems several times a day to do their jobs.
October 10, 2011
Blog