The FDA has issued new guidance spelling out its policy for organizations using electronic health record data in FDA-regulated clinical investigations, such as studies of the long-term safety of various drugs. Among other criteria, the EHRs need to contain certain privacy and security controls, the agency says.
A ransomware attack that forced a Missouri medical center to divert ambulances carrying trauma and stroke patients to other facilities serves as a reminder of the impact cyberattacks can have on healthcare delivery. What are the lessons to learn?
As the Department of Health and Human Services explores how to spur innovation and investment in the healthcare sector, cybersecurity is among top issues that need to be addressed, some industry organizations stress.
A federal grand jury in Pennsylvania has indicted a former patient coordinator on several counts of wrongfully obtaining and disclosing the health information of others. The case is the latest rare example of prosecutors pursuing criminal charges for HIPAA violations.
A health system's decision to reportedly suspend about a dozen employees for apparently snooping at health records related to the tragic death of a co-worker spotlights the many challenges involved with preventing and detecting insider breaches.
Addressing an important privacy issue, federal regulators have issued guidance to clarify details about how patients should authorize the use or disclosure of their protected health information for future research - and their right to revoke that authorization.
A mental healthcare practice's decision to pay a ransom to have sensitive patient data unlocked illustrates the difficult choices that organizations can face when attempting to recover from a ransomware attack.
Federal regulators plan to craft a new proposal for revamping a HIPAA Privacy Rule provision for "accounting of disclosures" of electronic patient records. Updating that rule was mandated under the HITECH Act, but the modification has been in limbo since 2011.
Although the National Institutes of Health is implementing strong privacy measures as it begins its effort to enroll 1 million volunteers to contribute data to its "All of Us" precision medicine research project, there are still risks involved, says privacy attorney Kirk Nahra.
Some military health facilities haven't consistently implemented security controls, putting patient data at risk, according to a new watchdog agency report. But security experts say the weaknesses are quite common at civilian health facilities as well.
Data integrity and privacy issues are among potential concerns related to voice-activated "virtual assistant" tools that some vendors are beginning to offer for their electronic health record systems, says privacy and security expert Kate Borten.
To stay ahead of evolving cyber threats, healthcare entities need to deploy a defense-in-depth strategy that includes tapping more advanced tools, including deception technology, says security expert Elie Nasrallah of HITRUST.