Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
As director of health information technology policy and programs for the National Partnership for Women and Families, Mark Savage keeps a close watch on healthcare information technology, along with all other aspects of patient care.
July 5, 2014
News
The Office for Civil Rights, the HHS division responsible for enforcing HIPAA, is slated to get a new director after the official departure of Leon Rodriguez.
July 2, 2014
News
When an organization experiences a major data breach and puts out a news release, the point is to comfort people that the news isn't as bad as it sounds. But at the same time, it's critical to be precise with language -- lest that organization be compelled to subsequently issue the dreaded, "What we actually meant to say in Monday's statement…" statement.
July 1, 2014
News
Call it big data bloodlust: The more health information being generated by a growing contingency of apps, devices, electronic health records, mHealth sensors and wearables, the broader and stronger the desire for that data becomes.
June 30, 2014
News
In one of the largest HIPAA breaches ever reported, the Montana Department of Public Health and Human Services is notifying some 1.3 million people after hackers gained unfettered access to an agency server for nearly a year before being discovered.
June 25, 2014
News
More than 60 percent of all industries worldwide embrace BYOD, says Mac McMillan, CEO of the information security company CynergisTek and chairman of the HIMSS Privacy and Security Task Force. In healthcare, that number stands at around 85 percent, with 92 percent of that number saying personal mobile devices are in use multiple times every day.
June 25, 2014
News
As myriad healthcare organizations have attested, the aftermath of a HIPAA violation generally isn't a pretty sight, especially when it comes to one's bank account. One Indiana-based health system has witnessed this reality after being slapped with an $800,000 settlement for violating the HIPAA Privacy Rule.
June 24, 2014
News
The U.S. Department of Health & Human Services has launched a federal probe into HIPAA privacy violations at the University of Cincinnati Medical Center, according to an HHS spokesperson.
June 24, 2014
News
Data attacks on healthcare organizations have increased a whopping 100 percent from just four years ago, a reality that has chief security and information officers in a dash to stay ahead of the data protection curve.
June 23, 2014
News
In one of her first orders of business as new Health and Human Services Secretary, Sylvia Mathews Burwell has made management changes aimed at ensuring that HealthCare.gov is robust enough to handle the upcoming open enrollment period.
June 23, 2014
News
Some 90 percent of healthcare organizations have reported at least one data breach in the past two years, with more than a third seeing more than five breaches. Gerry Hinkley, partner at Pillsbury Winthrop Shaw Pittman's healthcare practice, says breach response is where many make major missteps, mistakes that can easily be avoided.
June 20, 2014
News
More than 20,000 patients seen at a San Diego hospital are getting HIPAA breach notification letters after employees on two separate occasions emailed protected health information to job applicants by mistake. One incident occurred nearly two years ago.
June 19, 2014
News
Every HIM initiative - especially clinical documentation - relies on a single common thread for success: the availability and integrity of the right data to drive the correct decisions and follow-on actions. Capturing accurate, complete quality clinical documentation is the most critical and fundamental component in providing quality care, and ultimately has the biggest connection to generating revenue. This white paper describes the risks associated with the lack of a core HIT strategy; identifies HIT strategies that can help manage the complex clinical documentation challenges associated with ICD-10, RAC and ACOs; and provides an overview of existing and emerging technologies that have significant impact on addressing these challenges.
August 2, 2012
Resource
sites/default/files/resource-media/pdf/white_paper-perfect_storm.pdf
Protect
Structured and unstructured information are valuable assets that allow companies to make informed business decisions. As a common practice, companies have adopted back office systems and CRM as part of their IT infrastructure to address structured information that’s commonly found in databases. While CRM lays the foundation for the IT infrastructure it does not address the unstructured data that can be found between core systems.
June 22, 2012
Resource
sites/default/files/resource-media/pdf/whitepaper_champaign2.pdf
Protect
As many IT managers and HIPAA Security Officers have already discovered, HIPAA compliance requirements are daunting. The issues are so complex that some institutions have even taken a “wait and see” approach. But, sooner or later, you’ll be expected to demonstrate that your organization can detect, prevent, and respond to attacks, intrusions, or other system failures. Download this free whitepaper, HIPAA Compliance: Meeting the Security Challenge, to take a closer look at the HIPPA Compliance challenge.
May 22, 2012
Resource
sites/default/files/resource-media/pdf/solarwinds_hipaa_compliance_-_meeting_the_security_challenge.pdf
Protect
While the HIPAA Privacy Rule covers protected health information (PHI) in all forms, the HIPAA Security Rule specifically applies only to PHI that is maintained, transformed, or transmitted in electronic form (e-PHI). The Security Rule requires covered entities to meet specific objectives and presents major challenges for virtually every covered entity in the HIPAA environment, no matter how big or small. Covered entities include health plans, health care clearinghouses, and healthcare providers. In addition, business partners and associates who interact with covered entities are forced to deal with the same security issues as covered entities. IT professionals, like you, know the amount of work involved in supporting HIPAA compliance. The members of your IT team have enough on their plates without assuming the role of HIPAA police, but the team can also appreciate that adding technologies for HIPAA Security Rule compliance is an opportunity to make improvements in overall IT security that increases the organization’s bottom line. Read this white paper, including results from the HIMSS 2010 Security Survey, to learn how to fulfill HIPAA Security Rule requirements and improve overall control and performance of your IT infrastructure.
May 16, 2012
Resource
sites/default/files/resource-media/pdf/dell_fulfill_hipaa_security.pdf
Protect
As employees bring their mobile devices to the workplace, while it may increase productivity and reduce cost, it also causes security weaknesses. Download this paper to learn more about mobile security device threats and how to establish a mobile security strategy.
May 7, 2012
Resource
sites/default/files/resource-media/pdf/ibm_securing_mobile_devices.pdf
Protect
About 39% of medical offices in the U.S. have adopted <a href="/directory/electronic-medical-record-emr" target="_blank" class="directory-item-link">EMR</a> technology, according to SK&A. With Medicare and Medicaid incentive payments now available to physician practices and hospitals who make <a href="/directory/meaningful-use" target="_blank" class="directory-item-link">Meaningful Use</a> of such technology, that number is expected to rise over the next several years. But what about the practices who have not yet embarked on the journey toward EMR implementation? What’s holding them back? And where should they turn for help in managing the transition from paper-based records to electronic systems? Download this white paper to learn more about EMR implementation best practices.
April 18, 2012
Resource
sites/default/files/resource-media/pdf/ge_executing_best_practices.pdf
Protect
The United States is undergoing a major transformation of its healthcare delivery system, driven by federal health IT investments and healthcare reforms. This content piece features information from a joint presentation at the HIMSS12 Annual Conference & Exhibition in Las Vegas in February, where Eric Dishman, General Manager of Health Strategy and Solutions at Intel Corporation, and Jason Hwang, MD, executive director of healthcare at the Innosight Institute, presented on the power of “disruptive innovation” to meet the challenges of transforming the U.S. health sector. Download this paper to read examples of how disruption health IT innovation is driving new care models across the globe.
March 29, 2012
Resource
sites/default/files/resource-media/pdf/intel_disruptive_innovation.pdf
Protect
As we all implement Meaningful Use stages 1, 2, and 3 from 2011-2015, we will increasingly share data among payers, providers and patients. Protecting privacy is foundational and we should only exchange data per patient preference. How will we achieve that in Massachusetts?
July 26, 2010
Blog
Privacy and security are foundational to healthcare reform. Patients will trust electronic healthcare records only if they believe their confidentiality is protected via good security.
October 7, 2009
Blog
Chilmark has not been a big fan of the National Health Information Network (NHIN) concept. It was, and in large part still is, a top heavy federal government effort to create a nationwide infrastructure to facilitate the exchange of clinical information. A high, lofty and admirable goal, but one that is far too in front of where the market is today.
October 2, 2009
Blog
In my role as vice-Chair of the HIT Standards Committee, I join many of the subcommittee calls debating the standards and implementation guidance needed to support meaningful use. Over the past few months, I've learned a great deal from the Privacy and Security Working group.
September 15, 2009
Blog
Today I led a HITSP Board meeting and we discussed the work being done in collaboration with the HIT Standards Committee.
September 9, 2009
Blog
An often times overlooked aspect to implementing an electronic health record (EHR) is the need for a solid technical infrastructure.
August 11, 2009
Blog
An often times overlooked aspect to implementing an electronic health record (EHR) is the need for a solid technical infrastructure.
August 11, 2009
Blog
A caution to readers: This post is about methods for certifying Electronic Health Record (EHR) technologies used by physicians, medical practices, and hospitals who hope to qualify for federal incentive payments under the so-called HITECH portion of the American Recovery and Reinvestment Act (ARRA).
August 4, 2009
Blog
A caution to readers: This post is about methods for certifying Electronic Health Record (EHR) technologies used by physicians, medical practices, and hospitals who hope to qualify for federal incentive payments under the so-called HITECH portion of the American Recovery and Reinvestment Act (ARRA).
August 4, 2009
Blog
At the July 21 meeting of the HIT Standards, we approved an initial set of standards for quality, clinical operations and security/privacy. Here's an update on the deliberations of the workgroups.
July 31, 2009
Blog
I participated in a personal health record (PHR) workshop yesterday hosted by the Center for Democracy and Technology (CDT). CDT's goal was to gain input from a wide array of stakeholders (an impressive collection of about 40 health care leaders with different types of expertise in PHRs) to help inform CDT's recommendations to federal agencies - HHS and the Federal Trade Commission (FTC) - and try to build some degree of consensus among key stakeholders.
May 20, 2009
Blog
I was recently asked to comment about the resources needed to comply with the Privacy Provisions in the Stimulus Bill.
April 1, 2009
Blog