HHS calls for feedback to improve HIPAA guidance on data sharing

(Dec 13, 2018) The U.S. Department of Health and Human Services' Office for Civil Rights has called for feedback on ways to improve guidance within the Health Insurance Portability and Accountability Act in regards to data sharing and privacy, HealthITSecurity reports. Industry stakeholders are asked to cite the HIPAA provisions they believe “present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information and/or patients’ ability to exercise their ... Read More

ONC official 'extremely optimistic' that interoperability will improve in health IT

(Dec 12, 2018) Donald Rucker, who leads the U.S. Office of the National Coordinator for Health IT at the Department of Health and Human Services, said the agency must balance privacy and accessibility, FierceHealthcare reports. The comments come as the health care industry awaits a decision from the Office of Management and Budget on a proposed rule on information blocking. Rucker told lawmakers in the House Energy and Commerce Subcommittee that the agency must balance privacy and accessibility. He added that ... Read More

Hospital suffers payment breach impacting 48K individuals

(Dec 11, 2018) While noting that payment-related breaches are not common in the health care sector, BankInfoSecurity reports that in September, a Texas hospital notified federal regulators of a credit card–processing system hack that may have impacted nearly 48,000 individuals. Wiley Rein's Kirk Nahra, CIPP/US, explained that under the Health Insurance Portability and Accountability Act, payment-related security incidents qualify as reportable breaches since some of the exposed identifiers are considered prote... Read More

Health care industry continues to be inundated with cyberattacks

(Dec 7, 2018) The news of recent attacks only work to support the fact that phishing and ransomware attacks continue to inundate the health care sector, BankInfoSecurity reports. Rebecca Herold, CIPP/US, CIPM, CIPT, FIP, president of Simbus and CEO of The Privacy Professor consultancy, said attacks will keep happening as long as they continue to be lucrative for criminals. She added, "With more pathways being created through new types of technologies and endpoints, there will be more targets for ransomware at... Read More

Manitoba introduces bill permitting PHI disclosures under certain circumstances

(Dec 7, 2018) Health, Seniors and Active Living Minister of Manitoba Cameron Friesen introduced an amendment to the Personal Health Information Act, Global News reports. The bill allows health care professionals to disclose personal health information under certain circumstances, such as when a patient is at risk to harm themselves or others. “These common-sense changes to legislation successfully weighs the health and well-being of individuals against the importance of safeguarding their personal health info... Read More

Advanced Care Hospitalists to pay $500K to settle HIPAA violations

(Dec 5, 2018) The U.S. Department of Health and Human Services announced Advanced Care Hospitalists has agreed to pay $500,000 to the Office for Civil Rights over alleged violations of the Health Insurance Portability and Accountability Act. A local hospital notified ACH in February 2014 that patient information was viewable on the Doctor’s First Choice Billings website. The information included names, dates of birth and Social Security numbers. ACH first informed the OCR 400 individuals were affected by the ... Read More

Attorneys general file lawsuit against Medical Informatics over 2015 data breach

(Dec 4, 2018) Attorneys general from a dozen states have filed a lawsuit against Medical Informatics Engineering and NoMoreClipboard related to their 2015 data breach, KVOA reports. Hackers were able to access a web application run by the companies. The malicious actors stole the protected health information of 3.9 million patients, including names, telephone numbers and Social Security numbers. The attorneys general allege the entities failed to properly implement security measures to prevent the breach and ... Read More

Health care pros' use of smartphones raises HIPAA concerns

(Dec 3, 2018) Health Data Management reports on concerns with health care professionals’ use of personal devices that are not compliant with the Health Insurance Portability and Accountability Act. Health care professionals have moved from using pagers to smartphones to communicate with one another. Asante Chief Medical Information Officer Lee Milligan questions whether those smartphones comply with HIPAA privacy rules and if any messaging is done using secure messaging software. “The main thing with secure m... Read More

ICO fines ex-trainee secretary for illicit medical record access

(Nov 30, 2018) The U.K. Information Commissioner's Office has fined a former trainee secretary at Fakenham Medical Practice after she admitted to the illicit access of 231 medical records. Hannah Pepper admitted to the violations of the Data Protection Act 1998 after it was discovered she had no valid reason to look at the records. Pepper has been ordered to pay a fine of 350 GBP, as well as costs totaling 643.75 GBP. “Data protection law exists for a reason and curiosity or boredom is no excuse for failing to... Read More

NHS could benefit from IoT, but concerns remain

(Nov 29, 2018) ZDNet reports on the benefit the National Health Service could gain from the adoption of internet-of-things devices and the issues it will need to consider before it uses the technology on a wide scale. The report states the NHS could use IoT devices to track patients throughout their stay in the hospital and help share information easier. The NHS will likely look at some of the security issues that have been attached to IoT devices. The report cites insulin pumps and pacemakers that have been r... Read More