Healthcare Information Security
  • Some Healthcare Firms Struggle To Comply with EU Data Privacy Rule

    June 13, 2018 - Around one-third of healthcare organizations are still “on the journey” to comply with the EU's General Data Protection Regulation (GDPR), even though the GDPR took effect May 25, according to a cross-industry global survey of 3,958 IT leaders by Harvey Nash and KPMG. The good news is that 67 percent of healthcare organizations have completed or mostly completed their GDPR...

  • HIPAA Security Rule Risk Analysis Remains Source of Confusion

    June 12, 2018 - Widespread confusion persists in the healthcare industry about OCR risk analysis requirements under the HIPAA Security Rule, according to legal experts David Gacioch and Edward Zacharias of McDermott Will & Emery. Failure to perform an adequate risk analysis continues to be one of the most commonly alleged HIPAA violations, appearing in half of the settlements OCR has announced...

  • New York Suspends Nurse for HIPAA Violation Affecting 3K Patients

    June 11, 2018 - The state of New York has suspended Martha Smith-Lightfoot, a former nurse at the University of Rochester Medical Center (URMC), for a HIPAA violation. Smith-Lightfoot admitted to disclosing PHI when she took a list of more than 3,000 patients from URMC to her new employer, Greater Rochester Neurology (GRN), in 2015, explained a June 8 article in the Democrat & Chronicle. The list included...

  • Utilizing Healthcare Data Security, Cloud for a Stronger Environment

    June 6, 2018 - Data can be a really powerful tool, but it can also introduce some new challenges and definitely some healthcare data security headaches. Let me pause here for a second and put into perspective just how much data we’re creating. A recent Cisco report indicated that by 2021, data center storage installed capacity will grow to 2.6 ZB, up from 663 EB in 2016, nearly a four-fold growth....


Today's Top Stories

Common Rule’s Final Version Exempts Certain HIPAA Covered Entities

The federal government has issued the final rule for the Federal Policy for the Protection of Human Subjects, known as the Common Rule, that allows, among other things, more secondary research of EHR data by exempting low-risk studies conducted...

WHS Suspends Dozen Employees for Alleged HIPAA Violations

Pennsylvania-based Washington Health System (WHS) has suspended around a dozen employees for alleged HIPAA violations involving inappropriately accessing patient records in a high-profile case, the Observer-Reporter newspaper reported June 18....

Siemens Flags Cybersecurity Vulnerabilities in RAPID Blood-Gas Analyzers

Siemens Healthineers is warning about two cybersecurity vulnerabilities affecting its RAPID blood-gas analyzers that could enable attackers to compromise the confidentiality, integrity, and availability of the devices. The vulnerabilities...

Judge Upholds $4.3M Fines against MD Anderson for HIPAA Violations

An HHS Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center (MD Anderson) must pay $4.3 million in civil money penalties for HIPAA violations. The judge backed OCR in its proposed determination, granting...

Cryptocurrency Mining Tops Ransomware Attacks as New Cyberthreat

While ransomware attacks continue to preoccupy the minds of healthcare IT security pros, a new threat is emerging—cryptocurrency mining. Not as devastating as ransomware, cryptocurrency mining malware can still degrade system performance...

Natus Plugs 8 Cybersecurity Vulnerabilities in EEG Software

Natus Medical has updated its NeuroWorks software to plug eight cybersecurity vulnerabilities that could enable an attacker to get control of the Natus Xltek electroencephalogram (EEG) device and crash it, according to a June 14 ICS-CERT advisory....

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The guidance implements...
