Federal regulators and medical device maker Philips have issued alerts about a security vulnerability in the company's Tasy electronic medical records system that could put patient data at risk. How common is this type of vulnerability?
Healthcare stakeholders and security and privacy experts are sizing up the second draft of the government's Trusted Exchange Framework and Common Agreement, the latest in a decades-long series of attempts to pave the way for secure national exchange of health information to improve patient outcomes.
Among the hundreds of responses to a federal request for comments about potential changes to the HIPAA rules were suggestions for "safe harbors" that would shelter organizations with strong security strategies from HIPAA enforcement actions after a health data breach.
Guided by a "human-centered" principle, there is nothing more critical to Tri-Counties Regional Center (TCRC), than protecting and promoting the lives of those with developmental disabilities. That is why TCRC proactively secures Personal Health Information (PHI) to protect the people behind that information. Critical...
The HHS Office for Civil Rights is paying particular attention to complaints involving patients' access to their health information; it's also focusing on investigations of organizations with patterns of HIPAA noncompliance, Nick Heesters of the agency explains in an interview at the HIMSS19 conference.
For the second time, the Department of Justice has imposed a substantial fine on an electronic health records software vendor in a case that involves data accuracy and integrity issues that could affect patient safety.
Endpoint detection and response tools and other related security technologies are critical weapons for defending against cyberattacks, says Larry Whiteside, the new CISO at Greenway Health, an electronic health records company.
How can a large healthcare delivery system efficiently handle identity and access management for thousands of clinicians and other users of patient data? Robert Siebenthaler of PeaceHealth explains how his organization, which operates 10 medical centers, has developed a fine-tuned, role-based approach.
Implementing standards for recording demographic data, and also sharing best practices, could help address the challenges involved in matching the right patient with all the right records, a new government study concludes.
The organization that manages IT for Singapore's public healthcare sector says it has terminated, demoted or financially penalized several employees for their roles in the handling of a 2017 cyberattack on SingHealth, the nation's largest healthcare group. What do U.S. security experts think of these measures?
The digital revolution has given healthcare organizations new tools to increase team efficiency and improve their customer experience. But it's also opened up new vectors that cybercriminals can use to attack. As your attack surface expands to web infrastructure that you don't own or control, it becomes increasingly...
Will the Department of Health and Human Services' request for feedback on potential changes to HIPAA eventually result in modifications to the regulation, including certain provisions that touch on privacy and security issues? There's a long road to travel before any changes actually might get made.
Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?