Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
ONC's electronic health record certification process has some serious shortcomings -- chief among them security practices that are wholly insufficient to adequately protect patient health information, according to a new report from the Office of Inspector General.
August 5, 2014
News
In many ways, mobile device security is an oxymoron in its current state. In fact, if you're using an Internet of Things-type device, chances are it has an average of 25 hidden vulnerabilities, according to new research, making it a ripe target for hackers.
July 30, 2014
News
A Rhode Island hospital, who nearly two years ago notified 14,000 patients of a HIPAA breach involving their data, agreed Wednesday to hand over $150,000 to settle allegations that it failed to safeguard patient information.
July 24, 2014
News
The joys of unintended consequences never end. The Patient Protection and Affordable Care Act required hospitals to get paid based on how much they improved their patients' health rather than on how many tests and procedures were completed. The intent was to improve patient care.
July 24, 2014
News
Johns Hopkins Health System will hand over $190 million to settle a class action privacy lawsuit involving one of its former gynecologists who secretly recorded video and captured photos of patient examinations.
July 22, 2014
News
MemorialCare Health System, a top 100 integrated delivery network, implemented awareness computing technology at the Orange Coast Memorial Medical Center in Fountain Valley, Calif. The goal is to provide roaming clinicians instant access to patient records throughout the hospital, while also ensuring top security.
July 21, 2014
News
Massachusetts healthcare providers are adopting health information technology and health data exchange and drawing consumer support for going digital, according to a new study from Massachusetts eHealth Institute.
July 18, 2014
News
Sure, HIPAA adds a layer of privacy protection for certain health data -- if organizations actually comply with it -- but there remains myriad avenues of mining health data and selling to the highest bidder that do not fall under the purview of HIPAA's privacy and security rules. And they may surprise you.
July 16, 2014
News
Few healthcare IT policies these days are as delicate, sensitive and potentially emotionally explosive as efforts to restrict or regulate employee social media activity. And yet hospital hierarchies are routinely stepping on these political minefields as providers try to protect their reputations.
July 15, 2014
News
The Office of the National Coordinator for Health IT continues to reshape itself as it adjusts to funding limits. To that end, National Coordinator Karen DeSalvo, MD, has outlined a new working group structure for ONC's Health IT Policy Committee.
July 14, 2014
News
The latest revelations from Edward Snowden's document leaks show that not much is beyond the grasp of the National Security Agency -- not even electronic medical records.
July 7, 2014
News
As director of health information technology policy and programs for the National Partnership for Women and Families, Mark Savage keeps a close watch on healthcare information technology, along with all other aspects of patient care.
July 5, 2014
News
The arrival of <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">HITECH</a> and other laws designed to enforce HIPAA privacy guidelines makes maintaining HIPAA compliance more important than ever. Faxing anything, in a traditional manner, while maintaining compliance is extremely difficult. Therefore, we need to change the way we process and handle patient healthcare information. Fortunately, the advent of intelligent fax boards has paved the way for healthcare entities to transition into the future while allowing for more economical use of resources and reducing environmental impact.
October 18, 2012
Resource
sites/default/files/resource-media/pdf/hipaa_fax_white_paper_v0.8.pdf
Protect
Electronic locks and latches provide enhanced security where healthcare facilities need it the most – on the carts and cabinets that house valuable medical supplies and patient information. Electronic locks provide secure locking and audit trail capabilities that can help healthcare IT managers comply with industry regulations such as HIPAA and <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">HITECH</a>. This white paper explores opportunities for improved physical security in the healthcare environment and reviews electronic access solutions available to equipment manufacturers.
October 16, 2012
Resource
sites/default/files/resource-media/pdf/southco_wp_medsecurity.pdf
Protect
Memorial Hermann needed a more efficient way to process 32,000 user access requests per year to key healthcare and enterprise applications, and better controls around access provided to 20,000 employees including caregivers, employees and temporary workers spread throughout greater Houston, while demonstrating regulatory compliance — primarily with HIPAA and <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">HITECH</a>. With the Courion identity and access management suite, Memorial Hermann is now able to perform timely user attestations, streamline compliance, increase operational efficiency and strengthen security.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/casestudy_mhhs_courion.pdf
Protect
HealthSpring is one of the country’s largest and fastest growing providers of <a href="/directory/medicare" target="_blank" class="directory-item-link">Medicare</a> Advantage health care plans with more than one million members in 11 states and the District of Columbia. To improve the accuracy, speed and scalability of its compliance program, HealthSpring chose Courion. The Courion suite is integrated with all of HealthSpring’s critical information technology systems, including its PeopleSoft <a href="/directory/enterprise-resource-planning" target="_blank" class="directory-item-link">enterprise resource planning</a> (ERP), claims processing and membership management systems.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/casestudy_healthspring_courion.pdf
Protect
With sensitive data being continually accessed across the enterprise, the web, and mobile devices, organizations are constantly facing the challenge of protecting their critical assets such as employee and patient data – all of which impact their reputations and their bottom lines. Healthcare organizations in particular need to ensure only the right people have the right access to the right information at the right time. That’s the objective of an access risk management strategy.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/white_paper_access_risk_management_courion.pdf
Protect
Hospitals and medical offices are busy places. Ever wonder how easy it would be for someone to walk out with an office laptop or mobile device? Not only do patients expect confidentiality of their medical records but government regulations like HIPAA demand it. The theft of laptops, computers and mobile devices is a common cause of data breaches and physical security is a highly effective first line of defense.
October 8, 2012
Resource
sites/default/files/resource-media/pdf/kensington_white_paper_080612.pdf
Protect
By taking a comprehensive approach to systems management, healthcare providers’ IT departments can significantly reduce the amount of time required to perform routine maintenance tasks, therefore improving productivity. These time savings allow IT departments to shift staff to more value added activities that help support the business and reachstrategic goals.
September 19, 2012
Resource
sites/default/files/resource-media/pdf/realizing_the_return.pdf
Protect
This white paper provides a brief overview of HIPAA regulations and how healthcare organizations are using technology to assist with compliance. Many traditional document handling processes do not comply with HIPAA regulations for privacy and security. The whitepaper discusses network faxing, explores advantages for implementing a network fax solution to support HIPAA compliance initiatives and to improve the security and overall efficiency of the document transmission processes.
September 11, 2012
Resource
sites/default/files/resource-media/pdf/hipaa_healthcare_transformation_to_electronic_communications.pdf
Protect
As more and more hospitals work to incorporate smartphones into their communication network, they have learned important lessons that can help other facilities make a smooth transition. At the end of the day, the goal is to get the right message, to the right person, on the right device, at the right time.
September 4, 2012
Resource
sites/default/files/resource-media/pdf/wp-us-6-lessons-hospital-smartphone-integration.pdf
Protect
Specialty medicine practices rarely employ a dedicated information technology resource. Durham Nephrology is no exception. The Durham practice navigated the uncharted waters of attesting to <a href="/directory/meaningful-use" target="_blank" class="directory-item-link">Meaningful Use</a> under <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">the HITECH Act</a> of 2009 without the benefit of an IT expert or outside consultant. They implemented an <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHR</a> system in 2003 and believed that an EHR was the only long-term, effective way to organize patient charts and clinical notes. Read this story to find out this resourceful team achieved their goals--and more.
September 4, 2012
Resource
sites/default/files/resource-media/pdf/pro100_proehr_durham_nephrology_associates_nephrology_nc_success_story_10_19_11.pdf
Protect
As doctors and hospitals fight for the lives of their patients, they find themselves drowning in a sea of paperwork. Healthcare workers struggle daily to communicate patient information quickly and securely while complying with numerous insurance policies and industry regulations. Now, with demand from the White House to demonstrate "<a href="/directory/meaningful-use" target="_blank" class="directory-item-link">meaningful use</a>", the incentive to invest in communications technology has never been greater. This report by Smith Ivanson explores the top communication challenges Healthcare organizations face today, and why many of them are turning to Fax Servers to send, receive, and store <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHRs</a>.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/security__compliance_top_drivers_for_fax_server_adoption_in_healthcare.pdf
Protect
As healthcare organizations develop strategies to comply with federal mandates and succeed in the new environment, wireless is one of the emerging technologies that can enable organizations to meet their clinical and business objectives, especially in this era of having to do more with a finite set of resources. This paper, featuring results from a Healthcare IT News online survey from June and July 2012, discusses current usage of wireless data technology in healthcare and identifies areas of demand and the potential benefits of wireless solutions and strategies.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/sprint_executive_summary_august_2012.pdf
Protect
In the first national study to examine care at critical access hospitals (CAHs) in rural areas of the U.S., Harvard School of Public Health (HSPH) researchers found that CAHs have fewer clinical capabilities, lower quality of care, and worse patient outcomes compared with other hospitals.
July 8, 2011
Blog
Being in healthcare IT, and inspired all the time by the optimism and the opportunities technology has provided us, I thought that collecting my personal health information would be a fairly simple and straightforward task. Instead, the wide range of service I was provided when simply trying to collect my medical records was quite an eye opening experience.
June 23, 2011
Blog
Topic 3 on the June 20 #HITsm Tweetchat got into discussions of who owns patient data. The moral high ground today seems to be towards "patient ownership." Reality is just a bit different, and I think the discussion of ownership is not all that useful.
June 22, 2011
Blog
If you’re reading this blog, you most likely saw the pop-up/interstitial Intel ad that asks “Is Cloud Computing Right for You?” Steve Jobs apparently thinks so.
June 7, 2011
Blog
HIPAA regulations long on the books require that covered entities provide patients with accounting of disclosures of their protected health information for any purpose other than treatment, payment or health care operations (TPO). The HITECH Act upped the ante, requiring accounting of disclosures of PHI for TPO as well.
June 2, 2011
Blog
At one time or another, you may have heard a book titled, “All I Really Need To Know I Learned in Kindergarten,” by Robert Fulghum. Robert’s lessons translate into my professional world.
May 25, 2011
Blog
It's been a bad month for the cloud.
May 16, 2011
Blog
One of the biggest ongoing debates in the HIT world is how best to protect digitized health information.
May 4, 2011
Blog
While conducting research for the long overdue and nearly completed report on Personal Health Clouds (Dossia, Google Health and HealthVault) came across a recently published report by the European Network and Information Security Agency (ENISA) addressing cloud computing security.
December 10, 2009
Blog
The concepts of “security” and “privacy” of medical information (Protected Health Information, or PHI) are closely intertwined.
September 25, 2009
Blog
When I lecture about the new generation of personal health records such as Google Health and Microsoft Healthvault, I emphasize that these applications are not covered by HIPAA.
January 4, 2009
Blog
Egypt's crisis has raised alarms about national security and economic impact for Americans if regime change leads to an anti-US government controlling a strong ally in the Middle East. This crisis raises another more personal concern for Americans that has been overlooked by the national media: The security and availability of your electronic medical records in the event of a government-imposed "kill switch" for the Internet.
February 15, 2011
Blog