Healthcare Information Security

HIPAA Compliance

Office for Civil Rights veteran Susan McAndrew retires

by Patrick Ouellette

Susan McAndrew, former Deputy Director for Health Information Privacy at the Office for Civil Rights (OCR), officially retired from Federal service on Friday, May 2, 2014. McAndrew was responsible for implementing and enforcing the HIPAA Security...

OIG report looks into Medicaid agency HIPAA BAA compliance

by Patrick Ouellette

A recent Office of Inspector General (OIG) report concentrated on how all 56 Medicaid agencies handle outsourcing administrative functions offshore, including whether they have HIPAA business associate agreements (BAAs) in place. The OIG found...

Unifying healthcare providers’ HIPAA and fundraising needs

by Patrick Ouellette

Ensuring that privacy and security needs don’t deter from a healthcare organization’s business initiatives, and vice-versa, requires the organization to have a strong understanding of the HIPAA Omnibus rule’s terminology. For...

Office for Civil Rights: HIPAA audits to be narrower in scope

by Patrick Ouellette

Details of the second phase Department of Health and Human Services (HHS) Office for Civil Rights (OCR) HIPAA audits are beginning to filter through and healthcare organizations would be smart to pay attention to OCR’s audit plans. It’s...

TigerText’s HIPAA guarantee: Provider, vendor ramifications

by Patrick Ouellette

Most healthcare professionals will agree that there are more secure messaging options out there than they can count. With different vendors competing against each other for hospital and provider business with their own versions of mobile platforms...

HHS, Medscape activity offers EHR privacy, security tips

by Patrick Ouellette

As the Department of Health and Human Services (HHS) reminded the HIMSS14 audience of a few months ago, HHS has been making concerted efforts to offer providers as many HIPAA related resources as possible. One of the latest pieces of content...

Involving nurses in mHealth strategy may boost security

by Patrick Ouellette

When considering how clinical and innovation requirements fit into their mobile strategy, some organizations don’t consider nurses’ needs as well. Spyglass Consulting Group recently released “Point of Care Communications for...

Calculating mental health data exposure ramifications

by Patrick Ouellette

When discussing patient privacy, mental and behavioral health records have a higher standard of care because of the sensitive nature of the information. Mental health patients have the subjective right to decide what is and isn’t available...

mHealth adoption creates data security challenges

by Nicole Freeman

The use of mobile devices within healthcare (mHealth) is rising as physicians, nurses, and other healthcare providers enjoy the portability and flexibility that mobile devices allow. Smart phones, tablets, and laptops provide easy access to health...

Survey: Data breach risk biggest concern for mHealth use

by Nicole Freeman

According to a recent Axway survey conducted during HIMSS14, data breaches are the biggest concern in mobile health (mHealth) technology for healthcare IT professionals. Axway is a provider of data flow management software, and its poll surveyed...

Small organizations’ steps toward 2014 HIPAA audit readiness

by Patrick Ouellette

While working directly with healthcare organizations on the challenges that HIPAA and HITECH present, Tony Kong, Director of the West Monroe Partners healthcare practice, believes there are reasonable compliance steps that organizations can take...

Healthcare provider advice in gearing up for 2014 HIPAA audits

by Patrick Ouellette

With the Office for Civil Rights (OCR) in the midst of organizing its 2014 HIPAA auditing program, now is a good time for healthcare providers to begin assessing their state of compliance and determine their readiness for these potential audits....

OCR readies pre-audit survey for HIPAA covered entities, BAs

by Patrick Ouellette

The Office for Civil Rights (OCR) began to set the table for its 2014 auditing program when it published an information collection request for HIPAA covered entities and business associates (BAs) in the Federal Register yesterday. While the exact...

Middlesex Hospital uses Splunk software for HIPAA compliance

by Nicole Freeman

Middlesex Hospital, a HIMSS Stage 6 hospital, is using Splunk Inc. real-time operational intelligence software to meet HIPAA and HITECH standards throughout its hospital IT network and to secure its electronic healthcare records (EHR). The...

(ISC)2 offers healthcare IT security and privacy training

by Nicole Freeman

(ISC)² (“ISC-squared”), a not-for-profit group of certified information and software security professionals, is offering a specialized program meeting its HealthCare Information Security and Privacy Practitioner (HCISPPSM) credential....

HIMSS14 session preview: HIPAA security controls & analytics

by Nicole Freeman

While healthcare organizations are often warned of data breaches and the need for security measures, there may be concern as to what kinds of protection are needed. How much security is enough? What does each unique provider need to do to protect...

HIMSS14 session preview: Patient privacy trends

by Nicole Freeman

Protecting patient data should be a high priority for all healthcare providers, and the government continues to create policy regarding the protection and access of protected health information (PHI). The Department of Health and Human Services...

HIMSS14 session preview: Encrypting data at rest

by Nicole Freeman

Healthcare providers often hear about the benefits of encrypting protect health information (PHI), and the data breaches that become more serious when information is unencrypted. Encrypting data at rest is required of HIPAA-covered entities per...

WEDI publishes health data breach notification tips

by Patrick Ouellette

The Workgroup for Electronic Data Interchange (WEDI) Privacy and Security Workgroup recently published its Breach Risk Assessment Issue Brief to offer reminders to healthcare organizations regarding the breach notification decision process. According...

HIMSS14 session preview: Privacy and compliance practices

by Nicole Freeman

Healthcare organizations are consistently reminded of their need to protect patient privacy and data, and HIPAA compliance is a requirement for all providers and their business associates (BAs). For healthcare systems, however, there is also...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks