Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

RELATED STORIES:
Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

 
A rural Colorado hospital has identified a virus present on its computers that collected and encrypted patient data in a hidden file system. As a result, some 5,400 patients are being mailed breach notification letters today.
May 1, 2014
News
Healthcare security is a multifaceted, ever-shifting challenge -- and all it takes is one missed cue for a costly breach to ensue, says Heather Roszkowski, chief information security officer of Fletcher Allen Healthcare. Technology can give a broader view of where data is, and who's doing what with it.
April 29, 2014
News
The Boston Children's Hospital has found itself the target of multiple cyberattacks throughout the past week, reportedly with the renowned hacker group Anonymous at the center of it.
April 25, 2014
News
Serving notice that "covered entities and business associates must understand that mobile device security is their obligation," the HHS Office for Civil Rights has settled with two organizations for a combined $1,975,220 penalty after their unencrypted computers were stolen.
April 23, 2014
News
Healthcare has a few things to do differently in the privacy and security arena -- one of them being: Start taking it seriously. This according to Verizon's annual breach report.
April 22, 2014
News
UPMC officials say the number of employees affected by a data breach at the renowned medical center is much higher than originally reported -- rising from 322 employees first disclosed on March 6, now up to 27,000 out of a total of 62,000 employees.
April 21, 2014
News
The most basic security truth in 2014 is that encryption done properly -- a high enough level of encryption, proper safeguarding of the encryption key -- is the best thing an IT department can do. Sill, many industries resist encryption, and healthcare is arguably the most strident.
April 17, 2014
News
Security is a nightmare for all companies, but the very nature of healthcare makes it far worse. Are there ways to make security not merely viable, but even profitable?
April 16, 2014
News
When it comes to security threat severity, the Heartbleed bug doesn't miss a beat. That's according to Phil Lerner, chief information security officer at Beth Israel Deaconess Medical Center, who, on a scale from 1 to 10, ranks the bug a solid "high priority" at 7.5.
April 14, 2014
News
Some 5,100 Kaiser Permanente patients were sent HIPAA breach notification letters after a KP research computer was found to have been infected with malicious software. Officials say the computer was infected with the malware for more than two and a half years before being discovered Feb. 12.
April 7, 2014
News
For small- to mid-sized healthcare organizations looking for help with HIPAA security risk assessment, you now have a new tool at your fingertips.
March 28, 2014
News
It's not only federal HIPAA privacy and security violations that may end up costing industry groups a pretty penny. There's also state privacy laws to heed. Case in point is what recently transpired at Stanford Hospital and Clinics.
March 24, 2014
News
As we all implement Meaningful Use stages 1, 2, and 3 from 2011-2015, we will increasingly share data among payers, providers and patients. Protecting privacy is foundational and we should only exchange data per patient preference. How will we achieve that in Massachusetts?
July 26, 2010
Blog
Privacy and security are foundational to healthcare reform. Patients will trust electronic healthcare records only if they believe their confidentiality is protected via good security.
October 7, 2009
Blog
Chilmark has not been a big fan of the National Health Information Network (NHIN) concept. It was, and in large part still is, a top heavy federal government effort to create a nationwide infrastructure to facilitate the exchange of clinical information. A high, lofty and admirable goal, but one that is far too in front of where the market is today.
October 2, 2009
Blog
In my role as vice-Chair of the HIT Standards Committee, I join many of the subcommittee calls debating the standards and implementation guidance needed to support meaningful use. Over the past few months, I've learned a great deal from the Privacy and Security Working group.
September 15, 2009
Blog
Today I led a HITSP Board meeting and we discussed the work being done in collaboration with the HIT Standards Committee.
September 9, 2009
Blog
An often times overlooked aspect to implementing an electronic health record (EHR) is the need for a solid technical infrastructure.
August 11, 2009
Blog
An often times overlooked aspect to implementing an electronic health record (EHR) is the need for a solid technical infrastructure.
August 11, 2009
Blog
A caution to readers: This post is about methods for certifying Electronic Health Record (EHR) technologies used by physicians, medical practices, and hospitals who hope to qualify for federal incentive payments under the so-called HITECH portion of the American Recovery and Reinvestment Act (ARRA).
August 4, 2009
Blog
A caution to readers: This post is about methods for certifying Electronic Health Record (EHR) technologies used by physicians, medical practices, and hospitals who hope to qualify for federal incentive payments under the so-called HITECH portion of the American Recovery and Reinvestment Act (ARRA).
August 4, 2009
Blog
At the July 21 meeting of the HIT Standards, we approved an initial set of standards for quality, clinical operations and security/privacy. Here's an update on the deliberations of the workgroups.
July 31, 2009
Blog
I participated in a personal health record (PHR) workshop yesterday hosted by the Center for Democracy and Technology (CDT). CDT's goal was to gain input from a wide array of stakeholders (an impressive collection of about 40 health care leaders with different types of expertise in PHRs) to help inform CDT's recommendations to federal agencies - HHS and the Federal Trade Commission (FTC) - and try to build some degree of consensus among key stakeholders.
May 20, 2009
Blog
I was recently asked to comment about the resources needed to comply with the Privacy Provisions in the Stimulus Bill.
April 1, 2009
Blog