Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
A keystroke logger infecting three computers has been blamed for swiping the medical and financial data of UC Irvine Student Health Center patients.
May 19, 2014
News
Kaiser Permanente's Jim Doggett talks about the policies and practices that go into the planning of a secure environment.
May 14, 2014
News
A cyber threat response drill for healthcare organizations conducted this past month highlighted some serious challenges facing healthcare security professionals.
May 13, 2014
News
To those shirking their HIPAA privacy and security duties: get ready to pay up. That's the message the Department of Health and Human Services is sending after it set records Wednesday for imposing the largest HIPAA monetary fine to date on two entities found to be seriously lacking in the security arena.
May 8, 2014
News
HIE among U.S. non-federal acute care hospitals has been trending upward since 2008, in fact, and it took some major leaps forward in 2013.
May 6, 2014
News
When even the Department of Homeland Security is warning against using Internet Explorer, it's a safe bet its security flaws are serious. But for many healthcare providers -- notably those still running on Windows XP -- IE's recently-exposed vulnerabilities won't be fixed by Microsoft.
May 1, 2014
News
Can a subcontractor expect to keep the job after accidentally posting protected health information of some 15,000 patients online? A Boston teaching hospital says, "definitely not."
May 1, 2014
News
In the realm of privacy and security, heeding snooping employees and encrypting portable devices isn't enough in healthcare these days. Criminal attacks on hospitals are on a huge upward trend, with a whopping 100 percent increase just from four years ago.
May 1, 2014
News
A rural Colorado hospital has identified a virus present on its computers that collected and encrypted patient data in a hidden file system. As a result, some 5,400 patients are being mailed breach notification letters today.
May 1, 2014
News
Healthcare security is a multifaceted, ever-shifting challenge -- and all it takes is one missed cue for a costly breach to ensue, says Heather Roszkowski, chief information security officer of Fletcher Allen Healthcare. Technology can give a broader view of where data is, and who's doing what with it.
April 29, 2014
News
The Boston Children's Hospital has found itself the target of multiple cyberattacks throughout the past week, reportedly with the renowned hacker group Anonymous at the center of it.
April 25, 2014
News
Serving notice that "covered entities and business associates must understand that mobile device security is their obligation," the HHS Office for Civil Rights has settled with two organizations for a combined $1,975,220 penalty after their unencrypted computers were stolen.
April 23, 2014
News
Specialty medicine practices rarely employ a dedicated information technology resource. Durham Nephrology is no exception. The Durham practice navigated the uncharted waters of attesting to <a href="/directory/meaningful-use" target="_blank" class="directory-item-link">Meaningful Use</a> under <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">the HITECH Act</a> of 2009 without the benefit of an IT expert or outside consultant. They implemented an <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHR</a> system in 2003 and believed that an EHR was the only long-term, effective way to organize patient charts and clinical notes. Read this story to find out this resourceful team achieved their goals--and more.
September 4, 2012
Resource
sites/default/files/resource-media/pdf/pro100_proehr_durham_nephrology_associates_nephrology_nc_success_story_10_19_11.pdf
Protect
As doctors and hospitals fight for the lives of their patients, they find themselves drowning in a sea of paperwork. Healthcare workers struggle daily to communicate patient information quickly and securely while complying with numerous insurance policies and industry regulations. Now, with demand from the White House to demonstrate "<a href="/directory/meaningful-use" target="_blank" class="directory-item-link">meaningful use</a>", the incentive to invest in communications technology has never been greater. This report by Smith Ivanson explores the top communication challenges Healthcare organizations face today, and why many of them are turning to Fax Servers to send, receive, and store <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHRs</a>.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/security__compliance_top_drivers_for_fax_server_adoption_in_healthcare.pdf
Protect
As healthcare organizations develop strategies to comply with federal mandates and succeed in the new environment, wireless is one of the emerging technologies that can enable organizations to meet their clinical and business objectives, especially in this era of having to do more with a finite set of resources. This paper, featuring results from a Healthcare IT News online survey from June and July 2012, discusses current usage of wireless data technology in healthcare and identifies areas of demand and the potential benefits of wireless solutions and strategies.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/sprint_executive_summary_august_2012.pdf
Protect
Every HIM initiative - especially clinical documentation - relies on a single common thread for success: the availability and integrity of the right data to drive the correct decisions and follow-on actions. Capturing accurate, complete quality clinical documentation is the most critical and fundamental component in providing quality care, and ultimately has the biggest connection to generating revenue. This white paper describes the risks associated with the lack of a core HIT strategy; identifies HIT strategies that can help manage the complex clinical documentation challenges associated with ICD-10, RAC and ACOs; and provides an overview of existing and emerging technologies that have significant impact on addressing these challenges.
August 2, 2012
Resource
sites/default/files/resource-media/pdf/white_paper-perfect_storm.pdf
Protect
Structured and unstructured information are valuable assets that allow companies to make informed business decisions. As a common practice, companies have adopted back office systems and CRM as part of their IT infrastructure to address structured information that’s commonly found in databases. While CRM lays the foundation for the IT infrastructure it does not address the unstructured data that can be found between core systems.
June 22, 2012
Resource
sites/default/files/resource-media/pdf/whitepaper_champaign2.pdf
Protect
As many IT managers and HIPAA Security Officers have already discovered, HIPAA compliance requirements are daunting. The issues are so complex that some institutions have even taken a “wait and see” approach. But, sooner or later, you’ll be expected to demonstrate that your organization can detect, prevent, and respond to attacks, intrusions, or other system failures. Download this free whitepaper, HIPAA Compliance: Meeting the Security Challenge, to take a closer look at the HIPPA Compliance challenge.
May 22, 2012
Resource
sites/default/files/resource-media/pdf/solarwinds_hipaa_compliance_-_meeting_the_security_challenge.pdf
Protect
While the HIPAA Privacy Rule covers protected health information (PHI) in all forms, the HIPAA Security Rule specifically applies only to PHI that is maintained, transformed, or transmitted in electronic form (e-PHI). The Security Rule requires covered entities to meet specific objectives and presents major challenges for virtually every covered entity in the HIPAA environment, no matter how big or small. Covered entities include health plans, health care clearinghouses, and healthcare providers. In addition, business partners and associates who interact with covered entities are forced to deal with the same security issues as covered entities. IT professionals, like you, know the amount of work involved in supporting HIPAA compliance. The members of your IT team have enough on their plates without assuming the role of HIPAA police, but the team can also appreciate that adding technologies for HIPAA Security Rule compliance is an opportunity to make improvements in overall IT security that increases the organization’s bottom line. Read this white paper, including results from the HIMSS 2010 Security Survey, to learn how to fulfill HIPAA Security Rule requirements and improve overall control and performance of your IT infrastructure.
May 16, 2012
Resource
sites/default/files/resource-media/pdf/dell_fulfill_hipaa_security.pdf
Protect
As employees bring their mobile devices to the workplace, while it may increase productivity and reduce cost, it also causes security weaknesses. Download this paper to learn more about mobile security device threats and how to establish a mobile security strategy.
May 7, 2012
Resource
sites/default/files/resource-media/pdf/ibm_securing_mobile_devices.pdf
Protect
About 39% of medical offices in the U.S. have adopted <a href="/directory/electronic-medical-record-emr" target="_blank" class="directory-item-link">EMR</a> technology, according to SK&A. With Medicare and Medicaid incentive payments now available to physician practices and hospitals who make <a href="/directory/meaningful-use" target="_blank" class="directory-item-link">Meaningful Use</a> of such technology, that number is expected to rise over the next several years. But what about the practices who have not yet embarked on the journey toward EMR implementation? What’s holding them back? And where should they turn for help in managing the transition from paper-based records to electronic systems? Download this white paper to learn more about EMR implementation best practices.
April 18, 2012
Resource
sites/default/files/resource-media/pdf/ge_executing_best_practices.pdf
Protect
The United States is undergoing a major transformation of its healthcare delivery system, driven by federal health IT investments and healthcare reforms. This content piece features information from a joint presentation at the HIMSS12 Annual Conference & Exhibition in Las Vegas in February, where Eric Dishman, General Manager of Health Strategy and Solutions at Intel Corporation, and Jason Hwang, MD, executive director of healthcare at the Innosight Institute, presented on the power of “disruptive innovation” to meet the challenges of transforming the U.S. health sector. Download this paper to read examples of how disruption health IT innovation is driving new care models across the globe.
March 29, 2012
Resource
sites/default/files/resource-media/pdf/intel_disruptive_innovation.pdf
Protect
In the first national study to examine care at critical access hospitals (CAHs) in rural areas of the U.S., Harvard School of Public Health (HSPH) researchers found that CAHs have fewer clinical capabilities, lower quality of care, and worse patient outcomes compared with other hospitals.
July 8, 2011
Blog
Being in healthcare IT, and inspired all the time by the optimism and the opportunities technology has provided us, I thought that collecting my personal health information would be a fairly simple and straightforward task. Instead, the wide range of service I was provided when simply trying to collect my medical records was quite an eye opening experience.
June 23, 2011
Blog
Topic 3 on the June 20 #HITsm Tweetchat got into discussions of who owns patient data. The moral high ground today seems to be towards "patient ownership." Reality is just a bit different, and I think the discussion of ownership is not all that useful.
June 22, 2011
Blog
If you’re reading this blog, you most likely saw the pop-up/interstitial Intel ad that asks “Is Cloud Computing Right for You?” Steve Jobs apparently thinks so.
June 7, 2011
Blog
HIPAA regulations long on the books require that covered entities provide patients with accounting of disclosures of their protected health information for any purpose other than treatment, payment or health care operations (TPO). The HITECH Act upped the ante, requiring accounting of disclosures of PHI for TPO as well.
June 2, 2011
Blog
At one time or another, you may have heard a book titled, “All I Really Need To Know I Learned in Kindergarten,” by Robert Fulghum. Robert’s lessons translate into my professional world.
May 25, 2011
Blog
It's been a bad month for the cloud.
May 16, 2011
Blog
One of the biggest ongoing debates in the HIT world is how best to protect digitized health information.
May 4, 2011
Blog
While conducting research for the long overdue and nearly completed report on Personal Health Clouds (Dossia, Google Health and HealthVault) came across a recently published report by the European Network and Information Security Agency (ENISA) addressing cloud computing security.
December 10, 2009
Blog
The concepts of “security” and “privacy” of medical information (Protected Health Information, or PHI) are closely intertwined.
September 25, 2009
Blog
When I lecture about the new generation of personal health records such as Google Health and Microsoft Healthvault, I emphasize that these applications are not covered by HIPAA.
January 4, 2009
Blog
Egypt's crisis has raised alarms about national security and economic impact for Americans if regime change leads to an anti-US government controlling a strong ally in the Middle East. This crisis raises another more personal concern for Americans that has been overlooked by the national media: The security and availability of your electronic medical records in the event of a government-imposed "kill switch" for the Internet.
February 15, 2011
Blog