Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
Massachusetts healthcare providers are adopting health information technology and health data exchange and drawing consumer support for going digital, according to a new study from Massachusetts eHealth Institute.
July 18, 2014
News
Sure, HIPAA adds a layer of privacy protection for certain health data -- if organizations actually comply with it -- but there remains myriad avenues of mining health data and selling to the highest bidder that do not fall under the purview of HIPAA's privacy and security rules. And they may surprise you.
July 16, 2014
News
Few healthcare IT policies these days are as delicate, sensitive and potentially emotionally explosive as efforts to restrict or regulate employee social media activity. And yet hospital hierarchies are routinely stepping on these political minefields as providers try to protect their reputations.
July 15, 2014
News
The Office of the National Coordinator for Health IT continues to reshape itself as it adjusts to funding limits. To that end, National Coordinator Karen DeSalvo, MD, has outlined a new working group structure for ONC's Health IT Policy Committee.
July 14, 2014
News
The latest revelations from Edward Snowden's document leaks show that not much is beyond the grasp of the National Security Agency -- not even electronic medical records.
July 7, 2014
News
As director of health information technology policy and programs for the National Partnership for Women and Families, Mark Savage keeps a close watch on healthcare information technology, along with all other aspects of patient care.
July 5, 2014
News
The Office for Civil Rights, the HHS division responsible for enforcing HIPAA, is slated to get a new director after the official departure of Leon Rodriguez.
July 2, 2014
News
When an organization experiences a major data breach and puts out a news release, the point is to comfort people that the news isn't as bad as it sounds. But at the same time, it's critical to be precise with language -- lest that organization be compelled to subsequently issue the dreaded, "What we actually meant to say in Monday's statement…" statement.
July 1, 2014
News
Call it big data bloodlust: The more health information being generated by a growing contingency of apps, devices, electronic health records, mHealth sensors and wearables, the broader and stronger the desire for that data becomes.
June 30, 2014
News
In one of the largest HIPAA breaches ever reported, the Montana Department of Public Health and Human Services is notifying some 1.3 million people after hackers gained unfettered access to an agency server for nearly a year before being discovered.
June 25, 2014
News
More than 60 percent of all industries worldwide embrace BYOD, says Mac McMillan, CEO of the information security company CynergisTek and chairman of the HIMSS Privacy and Security Task Force. In healthcare, that number stands at around 85 percent, with 92 percent of that number saying personal mobile devices are in use multiple times every day.
June 25, 2014
News
As myriad healthcare organizations have attested, the aftermath of a HIPAA violation generally isn't a pretty sight, especially when it comes to one's bank account. One Indiana-based health system has witnessed this reality after being slapped with an $800,000 settlement for violating the HIPAA Privacy Rule.
June 24, 2014
News
This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building an identity and access management strategy for the extended enterprise. This report will help you understand the major business and IT trends affecting identity and access management (IAM) during the next five years. Learn why applying a Zero Trust information security model to IAM helps security teams unify and improve access control across the extended enterprise.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/forrester_navigate_the_future_of_identity_and_access_management_final.pdf
Protect
Healthcare IT departments must defend against complex internal and external threats while still maintaining compliance with HIPAA/HITCH. The same is true for businesses of all kinds – they are simply overwhelmed. Clearly, organizational risk management has reached a critical juncture. A July 2012 IDG Research Services poll of CIOs and IT managers underscores the gravity of the situation. The results provide important data about how enterprises view compliance overall, and identity management and access governance in particular.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_idg_why_it_pays_to_take_a_busines-centric_approach_to_compli.pdf
Protect
Organizations of all kinds, including those in the healthcare industry, are doing business in new ways, thanks to new IT infrastructure technologies like virtualization, cloud computing and mobility, which are changing how users interact with information and with each other. As the enterprise becomes more interconnected and distributed, business agility increases; but information security specialists face new challenges around maintaining effective security and monitoring controls.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_realtimesecurityintelligence_print.pdf
Protect
Organizations are consuming software-as-a-service applications at an ever-accelerating rate. While the advantages of SaaS applications are many, so are the potential pitfalls of unauthorized access. As these applications become increasingly popular, the need to manage access SaaS-hosted information becomes even more crucial. Security, compliance reporting and ease of access must be balanced to ensure that information in the cloud is protected without impacting your organizations ability to serve patients, healthcare professionals, and business partners.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/netiq_wp_extending_access_control_to_cloud_usv.pdf
Protect
Given the risks throughout today's complex threat and regulatory landscapes, your need to effectively and securely manage access to critical resources has never been greater. You need to know exactly who has access to what resources and if that access is appropriate. This is as true for the healthcare industry as it is for every other, highly regulated industry. As threats become more sophisticated, so does the speed with which your organization must respond to them.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_identity_and_access_governance_bringing_business_and_it_toge.pdf
Protect
The only thing that is constant is change. This old adage has never been truer for the healthcare industry than it is today. Businesses of all kinds must manage their systems in the face of ever growing and changing complexities. Good Identity and Access Governance practices are front and center in the ongoing battle to deal with constant change effectively.
March 22, 2013
Resource
sites/default/files/resource-media/pdf/white_paper_managing_change_and_complexity_with_identity_and_access_gove._1.pdf
Protect
For provider organizations, tools that drive improved performance of legacy clinical applications as well as improve security and create efficiencies in the management of client computing are increasingly becoming critical for healthcare organizations. Desktop virtualization technology is increasingly being used by providers to realize these advantages.
March 13, 2013
Resource
sites/default/files/resource-media/pdf/netapp_hc_wp_desktop_virtualization_031213.pdf
Protect
Agility is central to delivering excellence in patient care. However, healthcare organizations have entered a new era of scale in which the amount of data captured, processed, and stored is breaking down every architectural construct in the storage industry. NetApp delivers innovative technologies and capabilities for an agile data infrastructure that address the challenges of big data scale, enabling healthcare providers to gain insight into massive datasets, move data quickly, and store important content for long periods of time.
March 13, 2013
Resource
sites/default/files/resource-media/pdf/netapp_hc_wp_patient_care_clinical_data_031213.pdf
Protect
This white paper focuses on how an EHR-Extender (EHR-e) can help hospitals leverage data trapped in the EHR and other clinical systems to establish better care team communication. The result of contextual critical alerts and texts are improved communication and enhanced workflows which makes patients, healthcare staff, administration, and regulators happy.
January 2, 2013
Resource
sites/default/files/resource-media/pdf/extension_wp_beyond_the_ehr_final.2012.12.11.pdf
Protect
Watch this informative video to learn more about EXTENSION's most popular clinical workflow solutions for nurses and physicians inluding nurse call integration, mobile critical lab notifications, mobile report availability, mobile STAT order notifications, HIPAA-compliant texting and more. EXTENSION's mobile point-of-care solutions improve staff satisfaction, patient safety, and HCAHPS scores.
January 2, 2013
Resource
Protect
http://www.medtechmedia.com/files/resource_central/HealthAlert_Overview_Video.mov
As the nation begins its pilots of pioneer Accountable Care Organizations and shares more data for care coordination and population management, IT departments will be asked to make clinical records available to increasing numbers of loosely affiliated clinicians and staff.
April 24, 2012
Blog
Healthcare organizations have avoided the use of "public cloud" because of HIPAA/HITECH privacy concerns, lack of breach indemnification/data integrity guarantees, and the unwillingness of many cloud providers to sign business associate agreements.
April 13, 2012
Blog
I was able to talk with Gary Thompson co-founder and CEO of CLOUD Inc. - also known as the Consortium for Local Ownership and Use of Data, Inc.
April 10, 2012
Blog
While many industries are reliant on information technology to deliver services and drive innovation, none is so deeply entwined in IT than healthcare. As such, it should be no surprise that the potential impact of cloud computing is being felt, with mixed feelings, most acutely in this industry.
April 6, 2012
Blog
Like many of you, I made the annual pilgrimage to the HIMSS Conference last month but I didn’t write much publicly about it. Here’s what I learned while I was in Vegas and my takeaways for the rest of the year.
March 27, 2012
Blog
When will our employees learn not to identify patients on Facebook or any other social media site?
January 5, 2012
Blog
Can you hear that clock ticking down to Jan. 1, 2012? If you are among the few in healthcare who are really on the ball, becoming compliant with new ASC-X12 5010 transaction standards ahead of the deadline, then congratulations!
December 13, 2011
Blog
This past week I had the pleasure of traveling, along with MedTech Media Editorial Director Rich Pizzi, to Amelia Island, Fla. for the inaugural HIMSS Leaders & Innovators conference.
November 22, 2011
Blog
I was interviewed for an article on AIS Health that came out last week. The title of this article -- on health care social media and regulatory and legal issues that health care providers may face in using these tools -- struck me as being tinged with hysteria.
November 17, 2011
Blog
The healthcare industry is under constant pressure to streamline the sharing and availability of information, while at the same time maintaining ever-more rigorous controls over patient privacy, and of course, reducing costs at the same time. Therefore cloud computing offers some significant opportunities, perhaps even more significant than in many other industries.
November 15, 2011
Blog
The HITECH Act called for stepped-up HIPAA privacy and security and breach notification rule enforcement with respect to covered entities and business associates, to be accomplished by spot-check audits.
November 9, 2011
Blog
This weekend, I was busy using online applications. While I love doing things online, I do not love signing on to the various websites. This led me to think about my healthcare clients, the clinicians and physicians who need to sign into multiple systems several times a day to do their jobs.
October 10, 2011
Blog