Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
As 2013 nears its end and shortly after the final HIPAA Omnibus rule went into effect back in September, many groups are giving the Office of the National Coordinator an earful about implementing the HIPAA Accounting of Disclosures provision.
November 26, 2013
News
Solid BYOD policies can keep information flowing without running afoul of HIPAA.
November 22, 2013
News
When a medical privacy breach occurs, it's most often the patient who gets notified that their personal information was compromised, not the provider. But that's not always the case.
November 22, 2013
News
Since its launch in 2009, the RSNA Image Share Network has enjoyed robust funding from the National Institute of Biomedical Imaging and Bioengineering and found successes at some of the premier health systems in the U.S. Now it's looking for new providers to join.
November 21, 2013
News
The Office of the Attorney General in California, in collaboration with the American Health Information Management Association, has issued best practice recommendations for providers -- and tips for patients -- to better safeguard health data from theft.
November 21, 2013
News
A new poll from the Ponemon Institute has found that security preparedness is still sorely lacking across healthcare -- a fact that could leave unsuspecting organizations "blindsided" by breaches.
November 21, 2013
News
At a House hearing Nov. 19, lawmakers heard testimonies from security experts over whether HealthCare.gov is secure enough to handle the sensitive personal information of millions. The unanimous response? In its current form, probably not. But, it can get there.
November 20, 2013
News
Researchers and other clinicians love it. Privacy officers, not so much. The popular file hosting site isn't HIPAA compliant, and hasn't shown much interest in business associate agreements.
November 19, 2013
News
Wish there could be a delay of Stage 2 meaningful use? Talk to the Centers for Medicare & Medicaid Services, not the Office of the National Coordinator for Health Information Technology. And don't hold your breath.
November 19, 2013
News
Data breaches and cybersecurity threats in healthcare are going to happen. It's virtually unavoidable. What can be avoidable, however, are the messy consequences of substandard risk assessment strategies and inadequate threat response.
November 15, 2013
News
As patient engagement gains momentum, and technology enables easier access to personal health information, many providers still charge money for copies of records. That's allowed under HIPAA and HITECH. But is it wise?
November 13, 2013
News
With an eye toward bolstering its BYOD capabilities in healthcare and beyond, IBM will acquire Bluebell, Pa.-based Fiberlink Communications, a mobile management and security company, for an undisclosed sum.
November 13, 2013
News
How comprehensive can the information in an EHR be before patients grow concerned for their privacy? Do doctors using EHRs run the risk of missing the meat on the bones -- the details?
July 8, 2011
Blog
In the first national study to examine care at critical access hospitals (CAHs) in rural areas of the U.S., Harvard School of Public Health (HSPH) researchers found that CAHs have fewer clinical capabilities, lower quality of care, and worse patient outcomes compared with other hospitals.
July 8, 2011
Blog
Being in healthcare IT, and inspired all the time by the optimism and the opportunities technology has provided us, I thought that collecting my personal health information would be a fairly simple and straightforward task. Instead, the wide range of service I was provided when simply trying to collect my medical records was quite an eye opening experience.
June 23, 2011
Blog
Topic 3 on the June 20 #HITsm Tweetchat got into discussions of who owns patient data. The moral high ground today seems to be towards "patient ownership." Reality is just a bit different, and I think the discussion of ownership is not all that useful.
June 22, 2011
Blog
If you’re reading this blog, you most likely saw the pop-up/interstitial Intel ad that asks “Is Cloud Computing Right for You?” Steve Jobs apparently thinks so.
June 7, 2011
Blog
HIPAA regulations long on the books require that covered entities provide patients with accounting of disclosures of their protected health information for any purpose other than treatment, payment or health care operations (TPO). The HITECH Act upped the ante, requiring accounting of disclosures of PHI for TPO as well.
June 2, 2011
Blog
At one time or another, you may have heard a book titled, “All I Really Need To Know I Learned in Kindergarten,” by Robert Fulghum. Robert’s lessons translate into my professional world.
May 25, 2011
Blog
It's been a bad month for the cloud.
May 16, 2011
Blog
One of the biggest ongoing debates in the HIT world is how best to protect digitized health information.
May 4, 2011
Blog
While conducting research for the long overdue and nearly completed report on Personal Health Clouds (Dossia, Google Health and HealthVault) came across a recently published report by the European Network and Information Security Agency (ENISA) addressing cloud computing security.
December 10, 2009
Blog
The concepts of “security” and “privacy” of medical information (Protected Health Information, or PHI) are closely intertwined.
September 25, 2009
Blog
When I lecture about the new generation of personal health records such as Google Health and Microsoft Healthvault, I emphasize that these applications are not covered by HIPAA.
January 4, 2009
Blog