The Department of Health and Human Services' Office for Civil Rights plans to issue a notice of proposed rulemaking to modify the HIPAA rules before the end of the year, says Timothy Noonan, the agency's deputy director for health information privacy.
Several health IT industry groups are urging the FTC to update its health data breach notification rule, designed to cover health data not protected under HIPAA, to better address technological developments and regulatory gaps that have evolved since the rule was implemented a decade ago.
Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that. Those are just two takeaways from a new report that describes how nine organizations were inadvertently exposing health records for at least 150,000 patients.
In an exclusive, wide-ranging video interview, Don Rucker, M.D., HHS national coordinator for health IT, discusses why more work needs to be done to protect the privacy of health data as well as why the U.S. needs to ramp up secure health information exchange among clinicians.
Your patients and members are today's consumers, and they expect seamless user experiences. But you can't meet their demands at the expense of security. You must remain a stalwart steward of protected health information (PHI) and personally identifiable information (PII). The distributed nature of healthcare delivery...
A radiology technician allegedly inappropriately accessed thousands of patient records for more than eight years, according to a newly filed breach report from Kaiser Permanente Health Plan of the Mid-Atlantic States. The incident is yet another example of the challenges of dealing with insider threats.
Healthcare organizations need to diligently assess whether a security incident involving patient information truly qualifies as a reportable breach under HIPAA to avoid needlessly reporting it to federal regulators, says regulatory attorney Helen Oscislawski.
The American Medical Association has issued a set of privacy principles for health data that it hopes Congress and regulators will keep in mind as they prepare legislation and regulations. In an interview, AMA Board Chair Jesse Ehrenfeld, M.D., describes the recommendations.
As healthcare organizations across the U.S. respond to the COVID-19 crisis, the list of security and privacy challenges CISOs face continues to grow. Mitch Parker, CISO of Indiana University Health, provides an update on the changing risk management landscape.
More than two dozen healthcare organizations and technology firms have formed a coalition to help address the COVID-19 crisis by using secure information sharing and data analysis. But observers warn the group must devote enough attention to privacy and security issues.
The healthcare industry has seen increasing regulations, an acceleration of technology, consolidation, and the pressure to increase operational efficiencies and decrease overall costs, while meeting growing patient demands. Addressing these issues, while staying focused on delivering quality patient care, means...
The Department of Health and Human Services Monday released its long-awaited interoperability and information blocking final rules. The aim of the rules is to provide patients with easy, secure access to their electronic health information - from electronic health record systems as well as from payers.
Three U.S. senators are demanding more answers from Catholic healthcare system Ascension and Google over "Project Nightingale," which is part of a controversial data-sharing and cloud migration initiative that has raised concerns about sharing patient information without explicit permission.