The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
HIPAA has long provided patients with the right to access their own "designated record set" of protected health information. But federal regulators are on a campaign to help patients and healthcare organizations understand records access rights, as well as the related privacy risks.
The federal tally of major health data breaches is littered with hundreds of incidents blamed on business associates that affected a total of tens of millions of individuals. But vendor involvement in breaches is probably actually a lot worse than what's reflected on the HHS tally.
Epic Systems' successful lawsuit against India's Tata Consultancy Services raises many security questions. For example, why did Epic find out about the allegedly inappropriate downloading of trade secrets from an external whistleblower, rather than as a result of internal detection efforts?
Health insurer Anthem, the victim of a massive hacker attack, failed in its effort to persuade a court to allow it to inspect certain customers' computers to help it fight a class-action lawsuit tied to the breach. Why did Anthem make the move? And what issues does it raise?
If recent cyberattacks on healthcare organizations - including the ransomware attack on Hollywood Presbyterian Medical Center - tell us anything, it's that better cyber threat intelligence sharing is desperately needed. A project led by Harris Health Systems aims to help identify the gaps that need to be addressed.
As the federal government moves forward with a long list of endeavors - including a "moonshot to end cancer" - focused on boosting medical innovations, it's critical that patient privacy and data security stay top of mind.
If federal regulators pull the plug on the HITECH Act's "meaningful use" incentive program for electronic health records, they must devise bold new ways to help ensure that data stored in EHR systems is secure.
Is the agency that enforces HIPAA doing enough to make sure that organizations that have had multiple smaller health data breaches are taking steps to improve security?
Two recent breaches that exposed information about mental health patients point to the need for providers to take extra precautions to protect the most sensitive health information.
Adjusting risk management strategies in the aftermath of the newly discovered hacker attack on Excellus BlueCross BlueShield, as well as other recent massive cyber-attacks, will be among the hot topics discussed at the Healthcare Information Security Summit in San Francisco on Sept. 17.
If there's one thing federal regulators want to drill into the heads of covered entities and business associates about data breach prevention, it's this: Stop procrastinating, and conduct a risk analysis and encrypt most of your computing devices right away.
What do federal regulators have to say about the current state of health data security and privacy? And what are the top priorities of the new federal point person for HIPAA enforcement? Find out by following our coverage of an HHS/NIST security conference this week.
The outrage directed at Oracle Corp.'s security chief after a recent blog post in which she scolded third parties who scan the company's software looking for security flaws had a familiar ring: Do medical device makers have a similar cybersecurity attitude?
In the wake of recent alerts about infusion pump security vulnerabilities, now's a good time for all healthcare organizations to reassess their basic practices for keeping medical devices secure and safe. Check out what the VA is doing.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.