Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
The National Institutes of Health has issued a final policy it hopes will promote genomic data sharing as a way to improve health while still protecting the privacy of research participants.
August 28, 2014
News
A restrictive new rule change from the Drug Enforcement Administration, making it more difficult for physicians to prescribe opioids, will necessitate some changes to e-prescribing products and practices.
August 28, 2014
News
Consider the Assumption of Breach methodology that Seattle Children's Hospital Chief Information Security Officer Cris Ewell will delve into at the HIMSS Media and Healthcare IT News Privacy and Security Forum in Boston Sept. 8-9.
August 28, 2014
News
In a move meant to broaden its reach, improve security and help providers meet meaningful use, Georgia Health Information Network has upgraded its GeorgiaDirect messaging tool to offer access to the larger DirectTrust community.
August 27, 2014
News
Cedars-Sinai Health System notified its patients of a HIPAA breach, after an unencrypted hospital laptop containing patient medical data and Social Security numbers was stolen from an employee's home.
August 26, 2014
News
A decade ago almost all doctors kept paper charts on every patient. That is changing quickly as laptops become as common as stethoscopes in exam rooms. Here are some frequently asked questions about this evolution underway in American medicine and the government programs sparking the change.
August 21, 2014
News
When it comes to data breaches, hacking and loss or theft of unencrypted devices are far from healthcare security professionals' only concerns. Employee snooping and insider misuse also prove to be among the biggest privacy threats in the healthcare sector today.
August 19, 2014
News
In the second biggest HIPAA breach ever reported, one of the nation's largest healthcare systems has notified some 4.5 million of its patients that their personal information has been stolen by cybercriminals.
August 18, 2014
News
More than $26 billion has been invested, mostly in incentive payments to hospitals and eligible professionals who meaningfully use electronic health records. Yet just a small percentage of healthcare systems are electronically sharing data.
August 15, 2014
News
When asked how big his security team is at the 25-hospital Texas Health Resources, Chief Information Officer Ed Marx responds in a serious manner: "24,000" -- which happens to be the total number of people the health system employs.
August 15, 2014
News
To an industry waiting for more information on Apple's healthcare intentions, even a few crumbs here and there are too tasty to pass up. No word from Apple on timing yet, but Reuters has reported that anonymous sources revealed Apple has held HealthKit discussions with Mount Sinai, the Cleveland Clinic and Johns Hopkins, as well as Epic rival Allscripts.
August 14, 2014
News
With a nod to Apple and its famous 1997 TV spot, which highlighted doers and dreamers who colored outside the lines, we profile some of the 'crazy ones' who are helping transform health IT in new and unique ways.
August 12, 2014
News
Electronic locks and latches provide enhanced security where healthcare facilities need it the most – on the carts and cabinets that house valuable medical supplies and patient information. Electronic locks provide secure locking and audit trail capabilities that can help healthcare IT managers comply with industry regulations such as HIPAA and <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">HITECH</a>. This white paper explores opportunities for improved physical security in the healthcare environment and reviews electronic access solutions available to equipment manufacturers.
October 16, 2012
Resource
sites/default/files/resource-media/pdf/southco_wp_medsecurity.pdf
Protect
Memorial Hermann needed a more efficient way to process 32,000 user access requests per year to key healthcare and enterprise applications, and better controls around access provided to 20,000 employees including caregivers, employees and temporary workers spread throughout greater Houston, while demonstrating regulatory compliance — primarily with HIPAA and <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">HITECH</a>. With the Courion identity and access management suite, Memorial Hermann is now able to perform timely user attestations, streamline compliance, increase operational efficiency and strengthen security.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/casestudy_mhhs_courion.pdf
Protect
HealthSpring is one of the country’s largest and fastest growing providers of <a href="/directory/medicare" target="_blank" class="directory-item-link">Medicare</a> Advantage health care plans with more than one million members in 11 states and the District of Columbia. To improve the accuracy, speed and scalability of its compliance program, HealthSpring chose Courion. The Courion suite is integrated with all of HealthSpring’s critical information technology systems, including its PeopleSoft <a href="/directory/enterprise-resource-planning" target="_blank" class="directory-item-link">enterprise resource planning</a> (ERP), claims processing and membership management systems.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/casestudy_healthspring_courion.pdf
Protect
With sensitive data being continually accessed across the enterprise, the web, and mobile devices, organizations are constantly facing the challenge of protecting their critical assets such as employee and patient data – all of which impact their reputations and their bottom lines. Healthcare organizations in particular need to ensure only the right people have the right access to the right information at the right time. That’s the objective of an access risk management strategy.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/white_paper_access_risk_management_courion.pdf
Protect
Hospitals and medical offices are busy places. Ever wonder how easy it would be for someone to walk out with an office laptop or mobile device? Not only do patients expect confidentiality of their medical records but government regulations like HIPAA demand it. The theft of laptops, computers and mobile devices is a common cause of data breaches and physical security is a highly effective first line of defense.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/kensington_white_paper_080612.pdf
Protect
By taking a comprehensive approach to systems management, healthcare providers’ IT departments can significantly reduce the amount of time required to perform routine maintenance tasks, therefore improving productivity. These time savings allow IT departments to shift staff to more value added activities that help support the business and reachstrategic goals.
September 19, 2012
Resource
sites/default/files/resource-media/pdf/realizing_the_return.pdf
Protect
This white paper provides a brief overview of HIPAA regulations and how healthcare organizations are using technology to assist with compliance. Many traditional document handling processes do not comply with HIPAA regulations for privacy and security. The whitepaper discusses network faxing, explores advantages for implementing a network fax solution to support HIPAA compliance initiatives and to improve the security and overall efficiency of the document transmission processes.
September 11, 2012
Resource
sites/default/files/resource-media/pdf/hipaa_healthcare_transformation_to_electronic_communications.pdf
Protect
As more and more hospitals work to incorporate smartphones into their communication network, they have learned important lessons that can help other facilities make a smooth transition. At the end of the day, the goal is to get the right message, to the right person, on the right device, at the right time.
September 4, 2012
Resource
sites/default/files/resource-media/pdf/wp-us-6-lessons-hospital-smartphone-integration.pdf
Protect
Specialty medicine practices rarely employ a dedicated information technology resource. Durham Nephrology is no exception. The Durham practice navigated the uncharted waters of attesting to <a href="/directory/meaningful-use" target="_blank" class="directory-item-link">Meaningful Use</a> under <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">the HITECH Act</a> of 2009 without the benefit of an IT expert or outside consultant. They implemented an <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHR</a> system in 2003 and believed that an EHR was the only long-term, effective way to organize patient charts and clinical notes. Read this story to find out this resourceful team achieved their goals--and more.
September 4, 2012
Resource
sites/default/files/resource-media/pdf/pro100_proehr_durham_nephrology_associates_nephrology_nc_success_story_10_19_11.pdf
Protect
As doctors and hospitals fight for the lives of their patients, they find themselves drowning in a sea of paperwork. Healthcare workers struggle daily to communicate patient information quickly and securely while complying with numerous insurance policies and industry regulations. Now, with demand from the White House to demonstrate "<a href="/directory/meaningful-use" target="_blank" class="directory-item-link">meaningful use</a>", the incentive to invest in communications technology has never been greater. This report by Smith Ivanson explores the top communication challenges Healthcare organizations face today, and why many of them are turning to Fax Servers to send, receive, and store <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHRs</a>.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/security__compliance_top_drivers_for_fax_server_adoption_in_healthcare.pdf
Protect
As healthcare organizations develop strategies to comply with federal mandates and succeed in the new environment, wireless is one of the emerging technologies that can enable organizations to meet their clinical and business objectives, especially in this era of having to do more with a finite set of resources. This paper, featuring results from a Healthcare IT News online survey from June and July 2012, discusses current usage of wireless data technology in healthcare and identifies areas of demand and the potential benefits of wireless solutions and strategies.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/sprint_executive_summary_august_2012.pdf
Protect
Every HIM initiative - especially clinical documentation - relies on a single common thread for success: the availability and integrity of the right data to drive the correct decisions and follow-on actions. Capturing accurate, complete quality clinical documentation is the most critical and fundamental component in providing quality care, and ultimately has the biggest connection to generating revenue. This white paper describes the risks associated with the lack of a core HIT strategy; identifies HIT strategies that can help manage the complex clinical documentation challenges associated with ICD-10, RAC and ACOs; and provides an overview of existing and emerging technologies that have significant impact on addressing these challenges.
August 2, 2012
Resource
sites/default/files/resource-media/pdf/white_paper-perfect_storm.pdf
Protect
Remember in high school how it didn’t take long for a rumor or juicy piece of gossip to run rampant through the halls and spread faster than a wildfire fueled by 80 MPH winds? Well, social media is the new word of mouth.
July 13, 2011
Blog
How comprehensive can the information in an EHR be before patients grow concerned for their privacy? Do doctors using EHRs run the risk of missing the meat on the bones -- the details?
July 8, 2011
Blog
In the first national study to examine care at critical access hospitals (CAHs) in rural areas of the U.S., Harvard School of Public Health (HSPH) researchers found that CAHs have fewer clinical capabilities, lower quality of care, and worse patient outcomes compared with other hospitals.
July 8, 2011
Blog
Being in healthcare IT, and inspired all the time by the optimism and the opportunities technology has provided us, I thought that collecting my personal health information would be a fairly simple and straightforward task. Instead, the wide range of service I was provided when simply trying to collect my medical records was quite an eye opening experience.
June 23, 2011
Blog
Topic 3 on the June 20 #HITsm Tweetchat got into discussions of who owns patient data. The moral high ground today seems to be towards "patient ownership." Reality is just a bit different, and I think the discussion of ownership is not all that useful.
June 22, 2011
Blog
If you’re reading this blog, you most likely saw the pop-up/interstitial Intel ad that asks “Is Cloud Computing Right for You?” Steve Jobs apparently thinks so.
June 7, 2011
Blog
HIPAA regulations long on the books require that covered entities provide patients with accounting of disclosures of their protected health information for any purpose other than treatment, payment or health care operations (TPO). The HITECH Act upped the ante, requiring accounting of disclosures of PHI for TPO as well.
June 2, 2011
Blog
At one time or another, you may have heard a book titled, “All I Really Need To Know I Learned in Kindergarten,” by Robert Fulghum. Robert’s lessons translate into my professional world.
May 25, 2011
Blog
It's been a bad month for the cloud.
May 16, 2011
Blog
One of the biggest ongoing debates in the HIT world is how best to protect digitized health information.
May 4, 2011
Blog
While conducting research for the long overdue and nearly completed report on Personal Health Clouds (Dossia, Google Health and HealthVault) came across a recently published report by the European Network and Information Security Agency (ENISA) addressing cloud computing security.
December 10, 2009
Blog
The concepts of “security” and “privacy” of medical information (Protected Health Information, or PHI) are closely intertwined.
September 25, 2009
Blog