Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
As anyone who's ever worked for IT security can attest, the job is no walk in the park. New threats, compliance mandates, vulnerabilities and updates are constant. But with strong leadership, and a culture of compliance and responsibility to match, many healthcare organizations have shown it can be done right -- and well.
June 13, 2014
News
A Northern California hospital is reevaluating its security policies after an unencrypted USB drive containing the protected health information of nearly 34,000 patients was stolen from an employee's unlocked locker.
June 13, 2014
News
After nearly five years at the Office of the National Coordinator for Health IT, Chief Privacy Officer Joy Pritts will be leaving her post later this summer.
June 12, 2014
News
Kevin Johnson is a professional hacker -- albeit a self-described ethical one. As head of the security consulting firm Secure Ideas, his job involves probing into organizations' networks and applications to identify vulnerabilities. What he sees in healthcare terrifies him.
June 11, 2014
News
The University of Cincinnati Medical Center is at the center of a legal battle that is the nightmare of every healthcare organization corporate counsel. The allegation is that a financial services employee of the hospital accessed the detailed billing records of a patient with a sexually transmitted disease and deliberately and maliciously published those records on Facebook, taunting and ridiculing the patient.
June 10, 2014
News
A Pennsylvania-based hospital is notifying nearly 2,000 patients of a HIPAA breach after an employee accessed and transmitted patients' protected health data outside of the hospital's secure network.
June 9, 2014
News
Does your organization have a comprehensive data governance program? If not, you're not alone. But you're also not close to where you should be if you want to provide better care at lower cost, according to a new report.
June 4, 2014
News
Healthcare's all about the patients, right? But far too often, there's a disconnect -- the idea that the care ends when the patient exits the building or a diagnosis is made, the idea that clinical deals with clinical and information technology deals with IT.
June 4, 2014
News
As the Cleveland Clinic adds its prestigious name to the hospital groups that have embraced next-generation medical kiosks, healthcare IT executives are wrestling with the powerful pros and cons of such a move.
June 4, 2014
News
Apple on Monday touted its working with the Mayo Clinic as it rolled out an app that would piece together healthcare information from many third-party apps -- including one from Mayo -- to give consumers a comprehensive medical view on a mobile device.
June 3, 2014
News
More than twice as many people as first suspected have been put at risk by a massive data breach at UPMC health system.
June 2, 2014
News
In its newly released semiannual report to Congress, OIG says it focused on "core risk areas" associated with the marketplaces, including eligibility systems, payment accuracy, contractor oversight, and data security.
May 30, 2014
News
This white paper provides a brief overview of HIPAA regulations and how healthcare organizations are using technology to assist with compliance. Many traditional document handling processes do not comply with HIPAA regulations for privacy and security. The whitepaper discusses network faxing, explores advantages for implementing a network fax solution to support HIPAA compliance initiatives and to improve the security and overall efficiency of the document transmission processes.
September 11, 2012
Resource
sites/default/files/resource-media/pdf/hipaa_healthcare_transformation_to_electronic_communications.pdf
Protect
As more and more hospitals work to incorporate smartphones into their communication network, they have learned important lessons that can help other facilities make a smooth transition. At the end of the day, the goal is to get the right message, to the right person, on the right device, at the right time.
September 4, 2012
Resource
sites/default/files/resource-media/pdf/wp-us-6-lessons-hospital-smartphone-integration.pdf
Protect
Specialty medicine practices rarely employ a dedicated information technology resource. Durham Nephrology is no exception. The Durham practice navigated the uncharted waters of attesting to <a href="/directory/meaningful-use" target="_blank" class="directory-item-link">Meaningful Use</a> under <a href="/directory/health-information-technology-economic-and-clinical-health-hitech-act" target="_blank" class="directory-item-link">the HITECH Act</a> of 2009 without the benefit of an IT expert or outside consultant. They implemented an <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHR</a> system in 2003 and believed that an EHR was the only long-term, effective way to organize patient charts and clinical notes. Read this story to find out this resourceful team achieved their goals--and more.
September 4, 2012
Resource
sites/default/files/resource-media/pdf/pro100_proehr_durham_nephrology_associates_nephrology_nc_success_story_10_19_11.pdf
Protect
As doctors and hospitals fight for the lives of their patients, they find themselves drowning in a sea of paperwork. Healthcare workers struggle daily to communicate patient information quickly and securely while complying with numerous insurance policies and industry regulations. Now, with demand from the White House to demonstrate "<a href="/directory/meaningful-use" target="_blank" class="directory-item-link">meaningful use</a>", the incentive to invest in communications technology has never been greater. This report by Smith Ivanson explores the top communication challenges Healthcare organizations face today, and why many of them are turning to Fax Servers to send, receive, and store <a href="/directory/electronic-health-record-ehr" target="_blank" class="directory-item-link">EHRs</a>.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/security__compliance_top_drivers_for_fax_server_adoption_in_healthcare.pdf
Protect
As healthcare organizations develop strategies to comply with federal mandates and succeed in the new environment, wireless is one of the emerging technologies that can enable organizations to meet their clinical and business objectives, especially in this era of having to do more with a finite set of resources. This paper, featuring results from a Healthcare IT News online survey from June and July 2012, discusses current usage of wireless data technology in healthcare and identifies areas of demand and the potential benefits of wireless solutions and strategies.
August 29, 2012
Resource
sites/default/files/resource-media/pdf/sprint_executive_summary_august_2012.pdf
Protect
Every HIM initiative - especially clinical documentation - relies on a single common thread for success: the availability and integrity of the right data to drive the correct decisions and follow-on actions. Capturing accurate, complete quality clinical documentation is the most critical and fundamental component in providing quality care, and ultimately has the biggest connection to generating revenue. This white paper describes the risks associated with the lack of a core HIT strategy; identifies HIT strategies that can help manage the complex clinical documentation challenges associated with ICD-10, RAC and ACOs; and provides an overview of existing and emerging technologies that have significant impact on addressing these challenges.
August 2, 2012
Resource
sites/default/files/resource-media/pdf/white_paper-perfect_storm.pdf
Protect
Structured and unstructured information are valuable assets that allow companies to make informed business decisions. As a common practice, companies have adopted back office systems and CRM as part of their IT infrastructure to address structured information that’s commonly found in databases. While CRM lays the foundation for the IT infrastructure it does not address the unstructured data that can be found between core systems.
June 22, 2012
Resource
sites/default/files/resource-media/pdf/whitepaper_champaign2.pdf
Protect
As many IT managers and HIPAA Security Officers have already discovered, HIPAA compliance requirements are daunting. The issues are so complex that some institutions have even taken a “wait and see” approach. But, sooner or later, you’ll be expected to demonstrate that your organization can detect, prevent, and respond to attacks, intrusions, or other system failures. Download this free whitepaper, HIPAA Compliance: Meeting the Security Challenge, to take a closer look at the HIPPA Compliance challenge.
May 22, 2012
Resource
sites/default/files/resource-media/pdf/solarwinds_hipaa_compliance_-_meeting_the_security_challenge.pdf
Protect
While the HIPAA Privacy Rule covers protected health information (PHI) in all forms, the HIPAA Security Rule specifically applies only to PHI that is maintained, transformed, or transmitted in electronic form (e-PHI). The Security Rule requires covered entities to meet specific objectives and presents major challenges for virtually every covered entity in the HIPAA environment, no matter how big or small. Covered entities include health plans, health care clearinghouses, and healthcare providers. In addition, business partners and associates who interact with covered entities are forced to deal with the same security issues as covered entities. IT professionals, like you, know the amount of work involved in supporting HIPAA compliance. The members of your IT team have enough on their plates without assuming the role of HIPAA police, but the team can also appreciate that adding technologies for HIPAA Security Rule compliance is an opportunity to make improvements in overall IT security that increases the organization’s bottom line. Read this white paper, including results from the HIMSS 2010 Security Survey, to learn how to fulfill HIPAA Security Rule requirements and improve overall control and performance of your IT infrastructure.
May 16, 2012
Resource
sites/default/files/resource-media/pdf/dell_fulfill_hipaa_security.pdf
Protect
As employees bring their mobile devices to the workplace, while it may increase productivity and reduce cost, it also causes security weaknesses. Download this paper to learn more about mobile security device threats and how to establish a mobile security strategy.
May 7, 2012
Resource
sites/default/files/resource-media/pdf/ibm_securing_mobile_devices.pdf
Protect
About 39% of medical offices in the U.S. have adopted <a href="/directory/electronic-medical-record-emr" target="_blank" class="directory-item-link">EMR</a> technology, according to SK&A. With Medicare and Medicaid incentive payments now available to physician practices and hospitals who make <a href="/directory/meaningful-use" target="_blank" class="directory-item-link">Meaningful Use</a> of such technology, that number is expected to rise over the next several years. But what about the practices who have not yet embarked on the journey toward EMR implementation? What’s holding them back? And where should they turn for help in managing the transition from paper-based records to electronic systems? Download this white paper to learn more about EMR implementation best practices.
April 18, 2012
Resource
sites/default/files/resource-media/pdf/ge_executing_best_practices.pdf
Protect
The United States is undergoing a major transformation of its healthcare delivery system, driven by federal health IT investments and healthcare reforms. This content piece features information from a joint presentation at the HIMSS12 Annual Conference & Exhibition in Las Vegas in February, where Eric Dishman, General Manager of Health Strategy and Solutions at Intel Corporation, and Jason Hwang, MD, executive director of healthcare at the Innosight Institute, presented on the power of “disruptive innovation” to meet the challenges of transforming the U.S. health sector. Download this paper to read examples of how disruption health IT innovation is driving new care models across the globe.
March 29, 2012
Resource
sites/default/files/resource-media/pdf/intel_disruptive_innovation.pdf
Protect
In the first national study to examine care at critical access hospitals (CAHs) in rural areas of the U.S., Harvard School of Public Health (HSPH) researchers found that CAHs have fewer clinical capabilities, lower quality of care, and worse patient outcomes compared with other hospitals.
July 8, 2011
Blog
Being in healthcare IT, and inspired all the time by the optimism and the opportunities technology has provided us, I thought that collecting my personal health information would be a fairly simple and straightforward task. Instead, the wide range of service I was provided when simply trying to collect my medical records was quite an eye opening experience.
June 23, 2011
Blog
Topic 3 on the June 20 #HITsm Tweetchat got into discussions of who owns patient data. The moral high ground today seems to be towards "patient ownership." Reality is just a bit different, and I think the discussion of ownership is not all that useful.
June 22, 2011
Blog
If you’re reading this blog, you most likely saw the pop-up/interstitial Intel ad that asks “Is Cloud Computing Right for You?” Steve Jobs apparently thinks so.
June 7, 2011
Blog
HIPAA regulations long on the books require that covered entities provide patients with accounting of disclosures of their protected health information for any purpose other than treatment, payment or health care operations (TPO). The HITECH Act upped the ante, requiring accounting of disclosures of PHI for TPO as well.
June 2, 2011
Blog
At one time or another, you may have heard a book titled, “All I Really Need To Know I Learned in Kindergarten,” by Robert Fulghum. Robert’s lessons translate into my professional world.
May 25, 2011
Blog
It's been a bad month for the cloud.
May 16, 2011
Blog
One of the biggest ongoing debates in the HIT world is how best to protect digitized health information.
May 4, 2011
Blog
While conducting research for the long overdue and nearly completed report on Personal Health Clouds (Dossia, Google Health and HealthVault) came across a recently published report by the European Network and Information Security Agency (ENISA) addressing cloud computing security.
December 10, 2009
Blog
The concepts of “security” and “privacy” of medical information (Protected Health Information, or PHI) are closely intertwined.
September 25, 2009
Blog
When I lecture about the new generation of personal health records such as Google Health and Microsoft Healthvault, I emphasize that these applications are not covered by HIPAA.
January 4, 2009
Blog
Egypt's crisis has raised alarms about national security and economic impact for Americans if regime change leads to an anti-US government controlling a strong ally in the Middle East. This crisis raises another more personal concern for Americans that has been overlooked by the national media: The security and availability of your electronic medical records in the event of a government-imposed "kill switch" for the Internet.
February 15, 2011
Blog