As 2020 approaches, healthcare experts forecast necessary information security priorities for the coming year. They will also look back at the mistakes made over the past decade.
Healthcare organizations continue to grow and change at an unprecedented velocity. With 2019 outpacing previous years for acquisitions,...
Enforcing patients' rights under HIPAA to access their health information - including via health apps - is a top policy initiative at the HHS Office for Civil Rights, Director Roger Severino said in a Wednesday presentation. He also said a $2.1 million HIPAA penalty would be announced soon.
Seven healthcare and health IT industry groups are asking Congress to apply the brakes in issuing a final rule on interoperability, information blocking and health information exchange as required under the 21st Century Cures Act, citing concerns about privacy and other issues.
Some healthcare IT industry groups and large provider organizations are pushing the Senate to follow the House's lead and approve a measure to lift the 20-year ban on federal funding of the development or adoption of a unique national patient identifier. Why is this still such a hot privacy issue?
Google and the University of Chicago Medical Center have filed motions to dismiss a class action lawsuit that alleges patients' records were not properly de-identified by the hospital before they were shared with Google for research. Legal experts offer an analysis of the privacy case.
The Department of Health and Human Services has issued proposed changes to privacy rules related to the sharing of patient records created by federally assisted substance use disorder treatment programs. Do the proposals go too far, or not far enough?
DirectTrust's new effort to develop a standard for instant messaging in healthcare could potentially help providers securely communicate in real time over multiple platforms, says Scott Stuewe, the nonprofit alliance's president and CEO.
A watchdog agency review of a VA medical center in California spotlights security issues involving medical device "workarounds" that some experts say are common but often overlooked or underestimated risks.
A lawsuit against the University of Chicago Medical Center and Google seeking class action status points to the important privacy and security issues raised when sharing patient data for research purposes - and whether data can be truly "de-identified."
A Kansas hospital has agreed to pay $250,000 to settle allegations that it falsely attested to conducting a security risk analysis as required under the HITECH Act electronic health records financial incentives program. Two whistleblowers in the case will receive $50,000 from the settlement.
Federal regulators have smacked a cloud-based electronics health records vendor with a $100,000 HIPAA settlement in the wake of a 2015 cyberattack that affected millions of individuals. What's the focus of the enforcement action?
Federal regulators and medical device maker Philips have issued alerts about a security vulnerability in the company's Tasy electronic medical records system that could put patient data at risk. How common is this type of vulnerability?
Healthcare stakeholders and security and privacy experts are sizing up the second draft of the government's Trusted Exchange Framework and Common Agreement, the latest in a decades-long series of attempts to pave the way for secure national exchange of health information to improve patient outcomes.
Among the hundreds of responses to a federal request for comments about potential changes to the HIPAA rules were suggestions for "safe harbors" that would shelter organizations with strong security strategies from HIPAA enforcement actions after a health data breach.