Healthcare Information Security

Patient Privacy

Patient privacy questioned in DEA data request

by Nicole Freeman

The government’s use of warrantless subpoenas is coming under fire in a case between the American Civil Liberties Union (ACLU) and the state of Oregon, and the US Drug Enforcement Administration (DEA), according to a report from The Bulletin....

Coordinating healthcare data privacy with security objectives

by Patrick Ouellette

Last week, we discussed some current privacy initiatives and concentrations with Kevin Haynes, the Chief Privacy Officer of Nemours, on But in addition to his own work, Haynes described how patient privacy work must align...

Nemours Chief Privacy Officer focuses on training, awareness

by Patrick Ouellette

Though healthcare privacy can often (and incorrectly) be grouped together with security, patient privacy shouldn’t be understated in a healthcare setting. In fact, privacy training, procedures, auditing and monitoring, compliance, controls,...

Patient privacy questions pop up at health-screening kiosks

by Patrick Ouellette

Patient data privacy concerns are no longer limited to the confines of a healthcare organization or even their own home, as an interesting report from California described the privacy issues created by health-screening kiosks. Similar questions...

HHS releases proposed rule on HIPAA, mental health reports

by Patrick Ouellette

Almost a year after issuing an Advance Notice of Proposed Rulemaking (ANPRM) in the Federal Register, the Department of Health and Human Services (HHS) has released a proposed rule based on comments regarding the HIPAA Privacy Rule and the National...

Healthcare CIO: Providers have increased focus in security

by Patrick Ouellette

Beth Israel Deaconess Medical Center (BIDMC) CIO John Halamka recently wrote a blog post with some final thoughts and key events of 2013. No. 3 on his list was security and privacy turning into healthcare Board-level priorities. There are new...

Bitcoin in healthcare: The value v. security debate

by Patrick Ouellette

Among the more polarizing topics in IT at the moment is the fluctuating value of the bitcoin. We recently wrote about some of the benefits and risks of the Bitcoin in healthcare on and there has been plenty of action and...

Assessing Bitcoin’s benefits, security risks in healthcare

by Patrick Ouellette

Because of the prevalence of medical identity fraud in the healthcare industry, healthcare providers are beginning to think outside of the box as to how to keep their patients’ data private. San Francisco physician Paul Abramson has made...

Tennessee Supreme Court, trial court differ on HIPAA ruling

by Patrick Ouellette

How each state’s different courts interpret HIPAA compliance in relation to individual lawsuits can prove to be worth paying attention to, as the Tennessee Supreme Court dismissed a woman’s lawsuit because she failed to comply with HIPAA’s...

Reviewing EHR patient portal authentication levels

by Patrick Ouellette

While EHR patient portals are tied to the EHR Meaningful Use Program’s patient engagement requirements, securing and authenticating user access is a critical part of the process. During iHT2’s “Secure Access for Web-based Patient Portals...

GAO boosts HIT Policy Committee privacy, security expertise

by Patrick Ouellette

Government Accountability Office (GAO) head Gene L. Dodaro announced last week that GAO had appointed three new members to the Health Information Technology (HIT) Policy Committee. David Kotz, PhD, will serve as a committee privacy and security...

Patient portal privacy: Authentication, password management

by Patrick Ouellette

Much of a healthcare privacy and security professional’s daily life revolves around trying not to impede IT innovation while securing patient data and efforts to achieve this state of equilibrium apply to EHR patient portals as well. Adam...

Physicians on social media must ensure patient privacy

by Patrick Ouellette

For all intents and purposes, most social media platforms are still considered the “Wild West” for clinical staff members that have been tasked with engaging with patients regularly while respecting their privacy as well.  The Rhode...

EHR patient portal security concerns and tips

by Patrick Ouellette

Though EHR patient portals only allow access to a portion of medical record to patients and not all clinical notes included in these portals, the privacy and security of these portals remains a hot topic of conversation. Even if merely appointment...

Weighing healthcare CISO short-term goals v. innovation

by Dom Nicastro

Healthcare CISOs are like any other IT professional in that the quest for long-term innovation can often be stifled by short-term needs. The trick to meeting long-term privacy and security goals can be stepping back from the day-to-day from time...

Five healthcare CISO priorities for a secure environment

by Patrick Ouellette

If you ask a healthcare Chief Information Security Officer (CISO) what their biggest focus is at the moment is, they may respond by inquiring why they can only pick one primary security objective. Multi-tasking with highly-important duties is...

ONC’s privacy standards work stopped in government shutdown

by Patrick Ouellette

Although just last week the Office of the National Coordinator for Health Information Technology (ONC) told a HIMSS Privacy and Security Forum audience that patient privacy was of the utmost importance, privacy standards activities were discontinued...

Military Health System study analyzes privacy challenges

by Patrick Ouellette

BOSTON – Considering the privacy issues with the Veterans Affairs (VA) recently, military health data privacy has been a hot-button issue in the healthcare sector lately. It seems as though the Military Health System concurs with the notion...

ACLU, DEA squabble over patient prescription privacy rights

by Patrick Ouellette

A disagreement between American Civil Liberties Union (ACLU) and Drug Enforcement Administration’s (DEA) regarding Constitutional interpretation of the DEA’s rights of access to patient prescription data continues to get more heated....

Going beyond HIPAA compliance: CISO security principles

by Patrick Ouellette

BOSTON - For Jennings Aske, Chief Information Security and Privacy Officer of Mass.-based Partners Healthcare, it was a natural tendency as a trained attorney to explain to clinical staff why information privacy and security were imperative...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks