HITRUST announced the creation of a Threat Catalogue to aid healthcare organizations in improving their information security posture by better aligning cyber threats with HITRUST CSF risk factors and controls.
Read More
By Marla Durben Hirsch – Providers continue to be confused as to how to dispose of their trash without running afoul of HIPAA. But the stakes are now higher – because it’s often the provider’s trash collector that’s exposing the patient data that’s in the garbage.
By Lucia Savage JD – Important work to ensure the health system is functioning properly is conducted by a wide variety of entities at the federal, state, and local level.
By Bob Grant – The HHS Office for Civil Rights announced that NY Presbyterian Hospital would be required to pay a $2.2M settlement after the “egregious disclosure” of two patients’ protected health information. NYP allowed an ABC film crew and staff from the show “NY Med” to film two patients, one of whom was dying, and another experiencing serious distress.
By Bob Grant – Understanding the regulatory requirements that govern the use and disclosure of protected health information (PHI) is essential for health care professionals operating across the country. However, federal HIPAA regulation only accounts for a portion of those requirements.
By Irv H. Lichtenwald – Not that long ago, healthcare worried mostly about the physical loss of personal health information (PHI) by way of a lost thumb drive, a stolen laptop, some misplaced paper files. These were the primary concerns in HIMSS initial 2008 security survey.
Five years later, the largest healthcare security breaches came from cyber attacks not lost or stolen devices.
By Matt Fisher – With the start of a new year, it seems like a good time to take stock of privacy of healthcare information, which is currently a very hot topic. As was discussed in great detail, 2015 saw a continuing explosion of breaches concerning healthcare information, which put both privacy and security in the limelight.
By Steve Spearman – Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.
By Steve Spearman – This past summer, the state of Colorado’s Medicaid program, the Colorado Department of Health Care Policy and Financing (HCPF), accidentally sent letters containing PHI to the wrong addresses, affecting individuals from 1,069 households.