Two health IT professional associations are urging Congress to "modernize" HIPAA to extend patients' rights to securely access, view, download and transmit their health information - including health data not currently covered under HIPAA. Regulatory experts size up whether the proposed changes are feasible.
In a groundbreaking effort, the attorneys general of a dozen states have jointly filed a federal lawsuit against a cloud-based electronic health records vendor that reported a 2015 data breach affecting 3.9 million individuals.
A lawsuit over a Florida dentist's inability to access patient data stored by a cloud-based electronic medical records vendor illustrates why all healthcare providers need to plan for possible disruptions caused by disputes with business associates.
Australia's Parliament has passed legislation that strengthens privacy protections for My Health Record, the country's embattled digital medical records program. But questions remain about whether the changes go far enough to restore confidence in electronic health records.
Patient identity management is the prescription for improving remote patient access, portal adoption and patient satisfaction. Forward-thinking enterprises have realized that integrated proven strategies for identity management are a significant factor in success for both patients and providers.
The healthcare industry is now the second most targeted vertical in the world, however despite increased regulatory oversight, cyber threat awareness and security investments, breaches continue to happen. Personal health information (PHI) and electronic health records (EHR) are particularly sensitive as they are...
An advisory council is again urging the Department of Health and Human Services to allow certain donations of cybersecurity technology and services to smaller healthcare providers. Greg Garcia of the council, who will keynote ISMG's upcoming Healthcare Security Summit in New York, explains why.
The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis. But why is conducting a risk assessment so challenging for so many?
Although HIPAA gives patients the right to access their health records in their preferred format - on paper or electronically - a new study finds discrepancies in the information hospitals provide to patients regarding the release of their records, pointing to the need for better training.
Although the passage by Congress of the Support for Patients and Communities Act this week is an important step in the nation's battle against the opioid drug addiction crisis, it lacks a critical privacy provision, says Geisinger Health CIO John Kravitz, who analyzes the implications.
The U.K.'s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web. The ICO found that the health insurer's CRM system lacked adequate security controls.
As CISOs, CIOs and privacy officers look for ways to boost the timely, secure sharing of healthcare information to improve treatment, one obstacle that potentially stands in the way is CFR-42 Part 2, a 1970s-era regulation. Dozens of healthcare organizations are pushing Congress to change that regulation.
A case involving alleged insider theft of protected health information from a hospital in New York illustrates why healthcare organizations need to take extra precautions to prevent similar incidents. Security experts offer recommendations.
Making bigger advances in implementing nationwide health information exchange will require a multipronged effort, including getting patients more involved and using a variety of technical approaches, says Scott Stuewe, the new president and CEO of DirectTrust.
While healthcare entities and their vendors apparently are improving their encryption practices for computing and storage devices, regulators are also urging organizations to avoid overlooking the importance of physically securing and tracking these devices to help safeguard PHI.