Many healthcare organizations embark on cloud migrations to achieve scalability, cost-efficiency, and higher application performance. But migrating applications to the cloud can be a complex process that requires careful planning and deliberation. Challenges can include unanticipated interoperability issues,...
Evolving criminal and unscrupulous internal threats to healthcare data networks continue to plant seeds of fear and uncertainty in the minds of healthcare IT professionals. Those fears are wellfounded; a recent Information Week survey found that 91 percent of small healthcare practices in North America say they have...
The hack of health insurer Anthem exposes data on 80 million Americans. A breach of an electronic health records vendor affects dozens of clinics. A California hospital pays a ransom to get data decrypted by hackers. These and other headline-grabbing breaches are getting the attention of CEOs and boards of directors....
New long-awaited federal guidance clarifies that cloud services providers that handle protected health information are nearly always considered business associates under HIPAA and, as a result, must meet the regulation's security requirements.
Hacker attacks continue to account for the vast majority of health data breach victims this year, according to the latest federal tally. Some security experts expect that trend will persist as long as many organizations focus narrowly on HIPAA compliance rather than larger cybersecurity issues.
It's a story you'll watch unfold time and time again. The breach. The headlines. The confusion. The public apologies. The finger-pointing. And it's often followed by some form of the following statement: "But I was compliant." Compliance is never enough. The challenges are understandable, but taking the path of least...
The rising cost of pharmaceuticals is an unfortunate reality that can render patients unable to afford medication. This struggle was evident to Dr. Michael Rae who created the Rx Savings Solutions app that helps consumers save on prescription costs. Dr. Rae is a medical expert, but since technology is not his forte,...
The Health Information Trust Alliance (HITRUST) began a search for a secure cloud solution for their Common Security Framework (CSF) application. CSF gives businesses the structure, detail and clarity needed to more efficiently and effectively meet healthcare regulatory compliance standards, including HIPAA.
The...
To help simplify the difficulties associated with HIPAA compliance, the Health Information Trust Alliance (HITRUST), a non-profit organization, collaborated with leaders in healthcare and information security to develop the HITRUST Common Security Framework (CSF). CSF is a certifiable security framework that scales...
Because the legal relationships between healthcare organizations can be very complex, it's not always crystal clear when business associate agreements should be in place to help safeguard patient data, says privacy attorney Adam Greene. He explains the legal issues in this in-depth interview.
Even when entangled in billing or other disputes with covered entities, business associates may not hold hostage the protected health information of patients, federal regulators say in recently issued guidance.
A new watchdog agency report says HHS needs to provide much more guidance on how healthcare organizations should implement controls identified by the NIST Cybersecurity Framework. But some security experts are calling for bolder action - an update of the HIPAA Security Rule.
Federal regulators have entered a $400,000 settlement with an organization that provides centralized corporate support services for a number of New England-area covered entities, citing the lack of an updated business associate agreement. What lessons can be learned from the settlement?
A recent court ruling illustrates yet another way patient privacy can be compromised. A federal bankruptcy court slapped WakeMed Health and Hospitals with financial penalties for exposing patient information in filings it made for cases.
A recent incident involving a vendor using a Boston clinic employee's credentials to inappropriately access patient data via a regional health information exchange illustrates the potential risks involved as the use of HIEs continues to grow.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
