With the advent of technology in personal healthcare - Internet-connected glucose monitors, intravenous blood pressure monitoring, personal 'best friend' emotional bots - there is a lot of highly sensitive data that is rampantly traversing the airwaves. And the impact of this data getting in the wrong hands is just...
Two Indiana attorneys, frustrated by delays in obtaining patient records on behalf of clients, are seeking more than $1 billion in damages in a lawsuit alleging 60 hospitals in the state fraudulently received HITECH Act electronic health record incentive payments.
The California attorney general's office has smacked Cottage Health System with a $2 million settlement in the wake of breaches in 2013 and 2015. What lessons can be learned from this significant enforcement action?
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee reflects on the just-concluded Healthcare Security Summit in New York in the latest edition of the ISMG Security Report. Also, PCI Security Standards Council CTO Troy Leach addresses ransomware risks.
Clearly, adherence to HIPPA, NIST and other regulators in healthcare is paramount, but that does not mean that your organization isn't vulnerable to cybercrime hacking. When the average breach is worth $3.62 million with $380 per patient record compromised (as per Ponemon's 2017 Cost of
a Data Breach Report), the...
Longtime privacy advocate Deven McGraw has left her positions leading health information privacy efforts at the Department of Health and Human Services. What's next for privacy leadership at HHS?
A lawn mower engine manufacturer's notification to federal regulators of a health data breach impacting thousands of its workers highlights the HIPAA compliance duties for businesses that are self-insured for healthcare.
Key gaps in how healthcare entities defend against cybercrime hacking have emerged. Even organizations strictly adherent to HIPAA, NIST or other regulators are still unaware of how their practices compare to their industry peers and whether or not they are lagging behind.
Has your organization assessed and mitigated...
A bipartisan group of five senators has asked a watchdog agency to produce "clear recommendations" for how to make sure the right patients are matched to the right records to help improve the quality of care and crack down on medical and identity fraud. But will that require a national patient identifier?
Healthcare organizations, regardless of size, IT resources and budget, are faced with adequately protecting sensitive information and complying with HIPAA, PCI and other requirements. But many organizations that need to develop more mature cybersecurity programs struggle with where to start. What will deliver the most...
Data protection legislation and regulatory enforcement actions are rapidly changing throughout the world, having an immediate impact on how organizations globally approach cybersecurity, privacy, breach notification and data storage and protection. Too frequently, however, U.S. healthcare organizations have built...
It's been four year since the HIPAA Omnibus Rule went into effect. So what have been the most significant changes in compliance and breach trends since then?
Recent changes by the HHS to the certification program for electronic health record software could potentially weaken efforts to ensure EHRs meet federal requirements, including those that impact security, says attorney Maya Uppaluru, who formerly was on the HHS staff.
Through an ongoing series of Healthcare Security Readiness workshops, key gaps in how healthcare organizations defend against cybercrime hacking have emerged. Has your organization assessed and mitigated gaps in security...or are even aware of what they are?
In the following ISMG interview transcript, David...
