Healthcare Information Security

Patient Privacy News

Connecting personal health data with privacy needs

By Patrick Ouellette

- Through myriad mobile health applications linked to wearable devices and smartphone apps, personal health data (PHD) has undeniably become part of healthcare IT. But there also seems to be a divide between what patients know about their PHD privacy and how their data is being used for research.

The Health Data Exploration project, through the California Institute for Telecommunications and Information Technology (Calit2), released a report titled “Personal Data for the Public Good” that, among other things, delved into privacy and data ownership.

About 57 percent of respondents to the report maintained that the dominant condition for making their PHD available for research was an assurance of privacy for their data, and over 90 percent said that it was important that the data be anonymous. Further, while some didn’t care who owned the data they generate, a clear majority wanted to own or at least share owner- ship of the data with the company that collected it.

One specific area of concern is informed consent, as Health Data Exploration researchers are concerned about the privacy of PHD, and the rights of those who provide it. According to researchers, current methods of informed consent are challenged by the ways PHD are being used and reused in research. A variety of new approaches to informed consent are being evaluated and this area is ripe for guidance to assure optimal outcomes for all stakeholders.

  • Will Health Data Privacy, Security Issues Improve in 2016?
  • Privacy and Security Tiger Team holds final 2012 meeting
  • Is Patient Privacy Violated with New Wellness Program Rules?
  • 3 Ways to Break Through the Healthcare Cloud Security Fear
  • Saint Francis Hospital (Conn.) announces 858-patient breach
  • Overcoming the pressures of healthcare compliance
  • St. Mary’s Janesville Hospital reports health data breach
  • Kaiser v. Surefile breach suit dropped but questions linger
  • IT Worker Uncovers Hospital Pagers with Poor PHI Data Security
  • New Research System Helps Reduce Genomic Data Security Risks
  • Redspin service combines HIPAA and PCI DSS analyses
  • DirectTrust Growth Reflects Priority on HIE Security
  • Is Health Data Security At Risk In 21st Century Cures Bill?
  • How Location-Based IT Could Re-invent Healthcare Security
  • ONC Joint HIT Committee Discusses HIPAA Regulation Report
  • Secure Texting Ban Reinstated, Commission Calls for Guidance
  • Potential Horizon BCBS Data Breach for 170K from Printing Error
  • American Medical Association offers HIPAA toolkit
  • Healthcare Data Breach Costs Still Highest Among Industries
  • Enacting healthcare BYOD policies while avoiding risks
  • Memorial Hermann Health System suffers internal data breach
  • CVS rewards program requires customers to waive HIPAA rights
  • DirectTrust meets ONC HIE security accreditation goals
  • HIPAA omnibus changes to notice of privacy practices for PHI
  • UMass Memorial to Pay $230,000 for Healthcare Data Breaches
  • St. Louis Reports HIPAA Violation by County Employee
  • Health Data Privacy, Security Barrier to mHealth Adoption
  • VA Bakersfield clinic closes 2011 data breach investigation
  • Health IT Leaders Cite Data Theft As Key Cybersecurity Concern
  • Employee Theft Results in PHI Data Breach for 16K Children
  • UC Davis Health System Phishing Attack Potentially Impacts 15K
  • How NHHIO keeps data secure while planning innovation
  • Are Healthcare Cybersecurity Measures Strong Enough?
  • Peeling away the layers of health data breach response
  • Primary Health Care PHI Data Security Incident Affects 10K
  • Keeping Strong HIE Security Through Interoperability Push
  • OIG finds data security vulnerabilities in Medicaid systems
  • 4 Tips to Locking Down, Securing Healthcare BYOD
  • HISP to HISP: Building trust by joining Mass. state pipeline
  • HIPAA Regulations v. FERPA Rules In Privacy Rights
  • HIPAA Omnibus Rule webcast: New regulation considerations
  • Michigan Medicine Admits to Healthcare Data Breach in Laptop Theft
  • Auditors find 250 unencrypted University of Iowa Hospital laptops
  • 4.4M Records Exposed in 117 Health Data Breaches in Q3 2018
  • Molina Healthcare contractor mail error exposes patient data
  • Navy, USAF Could Face HIPAA Violation Fines for Lax EHR Security
  • Man found guilty in $1.5 million Medicare identity fraud plan
  • Are Insurance Companies Liable for Possible HIPAA Violations?
  • ICS Collection Service alerts UCPG patients of data breach
  • Privacy & Security Tiger Team tackles HIE query response issues
  • Broward Health sends 960 patient breach notification letters
  • BIDMC CIO discusses mobile device, external event risks
  • VA launches patient identity theft awareness campaign
  • What are Top HIPAA Compliance Concerns, Obstacles?
  • HIMSS Analytics report cites mobile security as top concern
  • 3 Tips to Ensure Healthcare Data Security in Evolving Environment
  • CISOs Stockpile Cryptocurrency in Case of Ransomware Attack
  • Erie County DSS investigating health data breach
  • Oregon Health Insurance Exchange Suffers 18th Breach
  • Health Data Hacking Incident Affects 29K at Texas Hospital
  • FDA Warns of Cybersecurity Vulnerability in Defibrillators
  • Ransomware Attack Raises Health Data Security Worry for 2.6K
  • Did Failed Administrative Safeguards Cause Two Data Breaches?
  • OCR Clarifies PHI Disclosure Guidance in HIPAA Privacy Rule
  • Scenic Bluffs’ Healthcare Data Breach Could Affect 2,889
  • How to Stay HIPAA Compliant When Using Your Healthcare Cloud
  • Healthcare CIO: Providers have increased focus in security
  • Apple bars HealthKit developers from selling health data
  • Surveying healthcare cloud encryption options, strategies
  • Learning from Banking to Mitigate Healthcare Data Breaches
  • ISACA Finds Cybersecurity Skills Gap Leaves 25% of Orgs Exposed
  • Questions linger around sensitive health data security
  • New Jersey Passes Health Data Encryption Law
  • OIG 2014 Work Plan includes PHI, medical device security
  • NYeC receives accreditation from, EHNAC
  • 9 Cybersecurity Vulnerabilities Found in Philips E-Alert Tool
  • Bizmatics Healthcare Data Breach Affects Another 22K Patients
  • CHIME launches CSO education, collaboration initiative
  • Are You Prepared for Wearables and Mobile Health Security?
  • Survey reveals healthcare data security priorities, concerns
  • Health data breach at Blount Memorial hospital
  • Common Rule’s Final Version Exempts Certain HIPAA Covered Entities
  • OCR talks health data breach avoidance best practices
  • Calif. pilot shows nuances of HIE consent, authorization
  • Healthcare Data Security Incidents Second Highest in 2016
  • FDASIA workgroup meets to analyze health IT patient safety
  • Top healthcare CISO concerns: Finding the data, BYOD risks
  • Healthcare BYOD, mobile cloud security restrictions
  • Are HIPAA Regulations the Best Answer for Patient Privacy?
  • McAfee threat report cites mobile malware, social attacks
  • NIST, HHS announce September HIPAA Security Rule conference
  • LSU Health alerts patients of exposed billing data
  • eHealth Initiative survey: HIE security questions linger
  • Maintaining HIPAA Privacy through Increased Patient Access
  • Ponemon Finds 125% Increase in Healthcare Cyber Attacks
  • Hospitals Fail at HIPAA Compliance Re Medical Records Requests
  • Audit Finds Maryland Exchange Lacking in Data Security
  • Breaking Down PHI Security Breaches and Their Impact
  • Healthcare security risk assessment strategy: CISO perspective
  • Why Healthcare Cybersecurity Should be Top Priority for Execs
  • Privacy, informed consent and personal data can become a tangled web in the PHD realm. Researchers said that data privacy, IRBs, informed consent, licensing agreements, network and database security, HIPAA and other legal frameworks (both national and international), user interface design, corporate policies and customer relations all played a part in the complexity of informed consent. The Department of Health and Human Services (HHS) has formed a informed consent checklist for use by researchers that elaborate on the considerations, documentation, and conditions under which a waiver may be granted.

    (1) research that involves minimal risk to subject
    (2) the waiver does not affect the rights or welfare of subjects
    (3) it is not practicable to carry out the research without the waiver
    (4) subjects receive pertinent information after the study (45 CFR 46.116).

    Researchers remained curious whether there is informed consent and how their institutions would handle it. “To me, the whole thing about who should have access to what kind of data really has to do with the person being aware of it,” researchers said.



    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks

    Continue to site...