Healthcare Information Security

Health IT Security and HIPAA News

Provider PHI Access Key Aspect to HIPAA Privacy Rule


The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently clarified that business associates cannot block provider PHI access or terminate that access under the HIPAA Privacy Rule. In a Frequently Asked Questions...

HHS Funding to Aid Healthcare Cybersecurity Efforts


In an effort to improve how organizations can respond to healthcare cybersecurity threats, and foster further information sharing in the industry, as well as in the public health sector, the Department of Health and Human Services (HHS) awarded...

FDA Information Security Weaknesses Create Health Data Risk


The Food and Drug Administration (FDA) must still improve in its efforts to fix information security weaknesses found by the US Government Accountability Office (GAO), especially as the FDA receives, processes, and maintains sensitive industry...

ISAO SO Releases Cybersecurity Information Sharing Guidance


Last week, The Information Sharing and Analysis Organization Standards Organization (ISAO SO) released several documents on cybersecurity information sharing guidance, focusing on cybersecurity risks, incidents, and best practices. One document...

Utilizing Network Security to Prevent Ransomware Attacks


As healthcare organizations continue to implement new technologies, their data privacy and security measures cannot be an afterthought. This is especially true with healthcare ransomware attacks on the rise, which could compromise patient safety...

GAO Calls for More Guidance, Oversight in HIPAA Regulations


The Department of Health and Human Services (HHS) must improve its guidance and oversight of covered entities and their business associates when it comes to adhering to HIPAA regulations, according to a recent US Government Accountability Office...

Ransomware Attack Affects Servers at USC Hospitals


Last week, USC Keck and Norris Hospitals reported that they had been the victims of a ransomware attack after detecting the malware on two servers. The ransomware was noticed on August 1, 2016, and encrypted the files on both servers, according...

Latest OCR HIPAA Settlement Highlights BAA Importance


Care New England Health System (CNE) agreed to an OCR HIPAA settlement after it was found to have not had a current business associate agreement in place to keep PHI secure. Woman & Infants Hospital of Rhode Island (WIH) was a CNE covered...

Are More State Data Breach Notification Laws Recognizing PHI?


Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary. Covered entities and business associates must ensure...

The Role of HIM Professionals in HIPAA Compliance


Individuals in the health information management (HIM) field play a critical role in covered entities’ approaches to data security, especially HIPAA compliance. HIM professionals are often “acquiring, analyzing, and protecting digital...

Healthcare Web Application Attacks Increase in Past Year


There has been a 14 percent increase in overall web application attacks from Q1 2016 to Q2 2016, while healthcare web application attacks have also increased in the past year, according to recent research from Akamai. DDoS attacks also increased...

Unauthorized HIE Access Leads to MA Data Security Incident


Massachusetts-based Codman Square Health Center is notifying patients that some of their information may have been exposed after a data security incident stemming from unauthorized HIE access. Codman was notified on July 13, 2016 that an employee...

How Expensive are Cybersecurity Attacks, Data Breaches?


While cybersecurity attacks and other data security incidents are on the rise, the actual costs of these types of scenarios are far less than previously reported, according to research from the Journal of Cybersecurity. Researchers examined over...

Healthcare Cybersecurity Task Force Seeks Industry Input


The recently appointed Healthcare Cybersecurity Task Force is hoping that a crowdsourcing approach will draw in the necessary advice and insight for how the group can best implement change to keep the healthcare industry secure against evolving...

Why Healthcare is a ‘Sitting Duck’ in Data Protection Measures


Healthcare organizations and manufacturers are very vulnerable when it comes to their data protection measures, according to the Intel Security 2016 Data Protection Benchmark Study.   While the gap between data loss and breach discovery...

Mobile Security Key Focus in Recent NIST Resources


The National Institute of Standards and Technology (NIST) recently released two draft resources that highlight current mobile security threats and then provide guidance on how public and private organizations can best approach those threats....

Geisinger Health Plan PHI Disclosure Affects 2,800


Geisinger Health Plan (GHP) recently announced that it experienced an unauthorized PHI disclosure affecting 2,814 members from 220 employers. GHP said it learned on August 4, 2016 that a processing error had taken for July 30, 2016 invoices....

Coordinating Healthcare Data Center Security, Cloud Security


The modern healthcare IT environment has quickly become the home of next-generation technologies. Still, the proliferation of cloud computing and the data-on-demand generation has created new types of challenges for today’s healthcare IT...

Secure Texting, App Security Top Mobile Health Topics


With more covered entities beginning to consider secure texting options or BYOD implementation, it makes sense that certain app security and mobile health security concerns also arise. However, the implementation process can be done securely,...

Cybersecurity Attack Affects MO Behavioral Health Facility


Missouri-based Burrell Behavioral Health recently announced that it was the victim of a cybersecurity attack after an employee’s email account was accessed by an unauthorized party. Burrell made the discovery on July 7, 2016 and immediately...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks