Privacy and Security

As more providers are using digital data, privacy and security issues have become a greater concern. Protecting confidential patient information is also a priority for IT vendors, who are interested in offering solutions that come equipped with heightened security features. The industry-wide transition to HIPAA 5010 code set comes with heightened emphasis on privacy of patient data content in provider transactions, since 5010 aims to ensure that only the "minimum necessary" personal health information required for business purposes is included in a transaction.

Privacy hindering EHR progress, say researchers
HHS proposes new privacy, security rules

A rural Colorado hospital has identified a virus present on its computers that collected and encrypted patient data in a hidden file system. As a result, some 5,400 patients are being mailed breach notification letters today.
May 1, 2014
Healthcare security is a multifaceted, ever-shifting challenge -- and all it takes is one missed cue for a costly breach to ensue, says Heather Roszkowski, chief information security officer of Fletcher Allen Healthcare. Technology can give a broader view of where data is, and who's doing what with it.
April 29, 2014
The Boston Children's Hospital has found itself the target of multiple cyberattacks throughout the past week, reportedly with the renowned hacker group Anonymous at the center of it.
April 25, 2014
Serving notice that "covered entities and business associates must understand that mobile device security is their obligation," the HHS Office for Civil Rights has settled with two organizations for a combined $1,975,220 penalty after their unencrypted computers were stolen.
April 23, 2014
Healthcare has a few things to do differently in the privacy and security arena -- one of them being: Start taking it seriously. This according to Verizon's annual breach report.
April 22, 2014
UPMC officials say the number of employees affected by a data breach at the renowned medical center is much higher than originally reported -- rising from 322 employees first disclosed on March 6, now up to 27,000 out of a total of 62,000 employees.
April 21, 2014
The most basic security truth in 2014 is that encryption done properly -- a high enough level of encryption, proper safeguarding of the encryption key -- is the best thing an IT department can do. Sill, many industries resist encryption, and healthcare is arguably the most strident.
April 17, 2014
Security is a nightmare for all companies, but the very nature of healthcare makes it far worse. Are there ways to make security not merely viable, but even profitable?
April 16, 2014
When it comes to security threat severity, the Heartbleed bug doesn't miss a beat. That's according to Phil Lerner, chief information security officer at Beth Israel Deaconess Medical Center, who, on a scale from 1 to 10, ranks the bug a solid "high priority" at 7.5.
April 14, 2014
Some 5,100 Kaiser Permanente patients were sent HIPAA breach notification letters after a KP research computer was found to have been infected with malicious software. Officials say the computer was infected with the malware for more than two and a half years before being discovered Feb. 12.
April 7, 2014
For small- to mid-sized healthcare organizations looking for help with HIPAA security risk assessment, you now have a new tool at your fingertips.
March 28, 2014
It's not only federal HIPAA privacy and security violations that may end up costing industry groups a pretty penny. There's also state privacy laws to heed. Case in point is what recently transpired at Stanford Hospital and Clinics.
March 24, 2014
There's been a lot of talk about privacy protections, or lack thereof, in electronic health records, particularly in context of the economic stimulus proposal that includes $20 billion for health IT.
February 13, 2009
When I read a headline like "Privacy advocates hail stimulus bills," I immediately wonder which privacy advocates.
February 5, 2009
Transparency, in the form of a complete, patient-centered and accessible health record is a policy principle that can drive the next wave of health care innovation. Investing exclusively in institutional EHRs will further stifle efficiency, innovation and improvement.
January 29, 2009