A lawsuit alleging that federal regulations "unlawfully" restrict fees healthcare entities can charge for providing patients with copies of their health records shines a spotlight of confusion and obstacle around patients' "right to access" under HIPAA.
Complicating healthcare compliance efforts is the growing trend of migrating patient data to cloud storage and hosted applications such as Health Information Exchange systems. The cloud lowers costs and improves efficiency, but widens the attack surface for data breaches.
To counter this challenge, download this...
Healthcare providers have always been attractive targets for data breaches. Why? The value of a health record is high. According to Reuters, health records are 10 to 20 times more valuable than credit card numbers.
Since healthcare providers depend heavily on patient information, ransomware protection is critical....
In its second HIPAA enforcement action for 2017, HHS has slapped an insurer with a $2.2 million settlement in the wake of a relatively small breach, citing the company's lack of timely corrective action.
HHS has issued new health data privacy guidance and announced a contest to create an online "model privacy notice generator." Plus, it's issued a reminder about the importance of reviewing and securing audit logs to help prevent and detect breaches.
Although HIPAA requires healthcare organizations to conduct a periodic security risk analysis focused on systems containing PHI, larger entities should also perform more comprehensive security self-assessments, advises CISO David Loewy of SUNY Downstate Medical Center, who explains his approach.
In a reminder of HIPAA's tough requirements for breach notification, federal regulators have issued a $475,000 financial settlement and corrective action plan for Chicago-based Presence Health tied to its tardy notification for a 2013 paper records breach affecting only about 800 individuals.
The transition to a new presidential administration makes forecasting for HIPAA enforcement activity in 2017 difficult, says privacy attorney David Holtzman of the consultancy Cynergistek, who sizes up what the HHS Office for Civil Rights might do this year.
The hack of health insurer Anthem exposes data on 80 million Americans. A breach of an electronic health records vendor affects dozens of clinics. A California hospital pays a ransom to get data decrypted by hackers. These and other headline-grabbing breaches are getting the attention of CEOs and boards of directors....
In the on-prem world, companies needed experts for each major area of IT provenance: hardware, networking, systems administration, security, operating systems, virtualization, workload balancing, data integration, data cleansing and quality, and then all the function-specific applications that drive everyday business...
Does your organization really have a clear idea of what measures your business associates are taking to safeguard your most sensitive data? Yet another breach, this one affecting Arkansas Blue Cross Blue Shield, points to the risks.
HITRUST says a growing number of healthcare organizations, seeking to improve risk management, are requiring that their business associates comply with its Common Security Framework. But some experts question whether that's a viable strategy.
Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? Attorney David Szabo shares insights.