In one of the largest HIPAA settlements ever, federal regulators have signed a $3.5 million settlement with a Massachusetts-based healthcare organization that reported five small health data breaches in 2012 involving lost or stolen unencrypted computing devices.
The newly confirmed secretary of the Department of Health and Human Services, Alex Azar, has the potential to reset critical national healthcare priorities and policies, including those related to security and privacy. But what action will he take regarding HIPAA enforcement and other issues?
A lawsuit alleging that federal regulations "unlawfully" restrict fees healthcare entities can charge for providing patients with copies of their health records shines a spotlight of confusion and obstacle around patients' "right to access" under HIPAA.
The Office of the National Coordinator for Health IT's new chief privacy officer, Kathryn Marchesini, has a wealth of experience. But will the Department of Health and Human Services give her the resources she needs to get the job done?
While a draft "trusted exchange framework" unveiled last week by federal regulators includes proposed components that could raise the bar for the security of health data exchange, some experts caution that elements included in the final document should not be overly prescriptive.
Under what circumstances must a U.S. healthcare provider comply with the European Union's General Data Protection Regulation, which will be enforced beginning in May? In an in-depth interview, regulatory attorney Stephen Wu explains the conditions under which compliance is required.
Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements. The goal is to advance secure national health data exchange so that clinicians have quicker access to potentially life-saving information.
Despite receiving requests to better align a federal rule regarding the confidentiality of substance abuse records with the requirements of HIPAA, federal regulators only made minor tweaks to the confidentiality rule. Some experts say Congress would have to take action to pave the way for further changes.
As the healthcare sector implements a variety of new applications and increasingly moves to the cloud, it has a fresh opportunity to address security, says Daniel Bowden, CISO at Sentara Healthcare, who discusses best practices.
Ira "Gus" Hunt, a security expert who was formerly CTO at the CIA, analyzes why many large healthcare provider organizations plan to boost cybersecurity spending in 2018 and discusses the role of emerging technologies.
So what actions can we expect in 2018 from the Department of Health and Human Services' Office for Civil Rights as it enforces the HIPAA privacy, security and breach notification rules? Making a prediction is difficult, given all the changes at HHS.
Compared to the mega-breaches that hit the healthcare sector in 2015 and 2016, the top 10 breaches reported for 2017 were far smaller. Security experts analyze whether that's really a sign of progress.
Federal regulators have set up online resources to help healthcare providers as well as consumers navigate circumstances under which HIPAA permits a covered entity to disclose mental health or substance abuse information to a patient's family members and caregivers.
The Trump administration has belatedly announced that hackers tied to the government of North Korea were behind the WannaCry ransomware outbreak that began in May and infected more than 200,000 endpoints across 150 countries. Why is the White House only now airing its attribution?