Category: Security
-

Monday Morning Update 4/21/14
Top News UPMC (PA) says that the information of 27,000 of its employees was exposed in a February breach, with 788 of them so far being known to have been victims of fraudulent tax return filings. A lawyer seeking class action status of his lawsuit asks the obvious question: why did the breach involve only…
-

Privacy attorney: Documentation for HIPAA audits must be meticulous
With HIPAA audits this fall expected to be more narrow in focus, healthcare organizations and their business associates must ensure that their documentation is meticulous, according to Adam Green, a privacy attorney with Washington, D.C.-based law firm Davis Wright Tremaine.
-

Why does healthcare resist encryption?
The most basic security truth in 2014 is that encryption done properly — a high enough level of encryption, proper safeguarding of the encryption key — is the best thing an IT department can do. [See also: Where will HIT security be in 3 years?.] Still, many industries resist encryption — and healthcare is arguably…
-

Providing a Frontline of Defense for PHI
As the rapidly evolving healthcare industry faces increasing challenges to keeping PHI protected, there is a growing need to ensure knowledgeable and credentialed security and privacy practitioners are in place to protect this sensitive information. Health IT security expert Sarah Hendrickson further discusses how healthcare organizations can provide a frontline of defense for PHI. A…
-

Where will HIT security be in 3 years?
Security is a nightmare for all companies, but the very nature of healthcare makes it far worse. It’s not merely onerous government requirements for medical data, or the popularity of security-adverse mobile devices. It’s the need to give tiny medical offices – small, independent businesses, with typically no meaningful IT staff – full network access…
-

HIPAA and Fundraising
I was recently asked about using patient identified data for fundraising. The HIPAA Omnibus rule does permit the use of department of service, treating physician, and outcomes information in fund raising activities with an understanding that a patient can opt out and their wishes must be respected. *The Notice of Privacy Practices must disclose fundraising…
-

How Smart do you Want Your Physician’s Phone?
Not too long ago we were all working diligently to deliver handheld solutions to physicians. It was a “mobile device” that would allow access to HIS, patient lists, and lab results. It was either an HP iPaq or some other device that required proprietary wireless connections or syncing with a cradle connection (really old…
-

HIPAA audits to be narrower with fewer site visits
When the U.S. Department of Health & Human Services’ Office for Civil Rights resumes HIPAA audits this fall, its own staff will conduct what it’s calling “desk audits” of a narrower focus and comprehensive on-site audits “as resources allow.”
-

New Study Identifies Visual Privacy As Weak Link In Data Security Practices
Visual Privacy — the protection of sensitive information as it is displayed on screen — is an emerging issue in information security and an under-addressed area of risk in corporate security policies. Given the rapid digitization of sensitive information and the growing mobility of workers, the need to protect displayed information has grown substantially.
-

Heartbleed: What is the impact on health IT?
When it comes to maintaining the safety of health information technology and patient data, encryption is almost always one of the first recommendations made by security experts. That’s why news this week about the “Heartbleed” computer bug–which compromised Web encryption program OpenSSL, opening “hundreds of thousands of websites to data theft”–is so disturbing for the industry.…