Healthcare Information Security

EHR Security

Stakeholders Desire Clarification on Secure Data Exchange in TEFCA

February 22, 2018 - ONC must further clarify secure data exchange aspects in its Trusted Exchange Framework and Common Agreement (TEFCA) draft, and also explain how HIPAA regulations will apply, according to industry stakeholders. One of the TEFCA principles discusses the secure exchange of electronic health information, HIMSS noted in its response to ONC. Data confidentiality and availability should also be...

More Articles

Healthcare Cybersecurity Threats Hinder HIT Development

by Elizabeth Snell

Healthcare organizations across the globe are working to adopt and deploy EHRs without opening themselves up to interoperability issues, healthcare cybersecurity threats, and HIT infrastructure problems, according to a recent Black Book survey....

Why Providers Need a Disaster Recovery Plan for EHR Security

by Elizabeth Snell

Whether healthcare providers are working to prepare for potential natural disasters like hurricanes or manmade cybersecurity issues (i.e., ransomware attacks, insider data breaches) having a disaster recovery plan is essential. Entities of all...

29K Impacted by SSM Health Data Breach from Unauthorized Access

by Elizabeth Snell

St. Louis, Missouri-based SSM Health recently reported that it experienced a potential data breach after an employee accessed patient records without authorization. The access occurred between February 13, 2017 and October 20, 2017 when the employee...

Applying US-CERT IoT Security Best Practices to Healthcare

by Elizabeth Snell

The Internet of Things (IoT) is quickly becoming integrated into the daily operations of numerous organizations, which means that entities need to keep IoT security a top priority, according to the US Computer Emergency Readiness Team (US-CERT)....

73 Percent of Medical Professionals Share Passwords for EHR Access

by Kate Monica

A recent study examined the prevalence of password sharing among healthcare providers and found nearly three-quarters of surveyed medical professionals have used another staff member’s password to obtain EHR access at work. The study by...

EHRA: Health Data Sharing Not Aided with Regulatory Penalties

by Elizabeth Snell

Advocating for penalizations for providers and EHR developers is the wrong approach for encouraging health data sharing, according to a recent EHR Association (EHRA) blog post. Written in response to a Health Affairs post by former ONC Chief...

Improper Disposal Creates PHI Security Concern for 1.8K

by Kate Monica

On June 16, the Texas Health and Human Services Commission (HHSC) notified patients of a recent potential security breach that may have involved the PHI of 1,842 residents of the Houston area. The incident was discovered when a box of forms containing...

Unauthorized EHR Access Potentially Exposes 14K Records

by Kate Monica

On February 27, 2017, the Diamond Institute for Infertility and Menopause discovered a potential data breach in which an unauthorized individual gained access to a third-party server containing patient EHRs. While the patient EHRs and the database...

Effects of Patient Distrust on Health Data Exchange Security

by Kate Monica

In a recent survey, Black Book polled a national panel of over 12,000 consumers to gauge patient interaction with technology and their perception of the usefulness of these technologies. The organization found that 57 percent of respondents are...

Healthcare Web Application Attacks Increase in Past Year

by Elizabeth Snell

There has been a 14 percent increase in overall web application attacks from Q1 2016 to Q2 2016, while healthcare web application attacks have also increased in the past year, according to recent research from Akamai. DDoS attacks also increased...

DoD Wants Army EHR Security Audit, Security Protocol Review

by Elizabeth Snell

The Department of Defense plans to investigate whether or not the Army implemented effective security protocols to protect electronic health records through an EHR security audit, set to be performed in August 2016. The DoD Inspector General...

Stolen Patient Records in OH Lead to Potential PHI Breach

by Jacqueline Belliveau

An Ohio-area dental practice has notified 7,784 individuals of a potential PHI breach after patient records were stolen, reported the Office of Civil Rights on its website. In a HIPAA breach notification letter, Sunbury Plaza Dental explained...

Most Hospitals Consider EHR Security in Contingency Planning

by Elizabeth Snell

Nearly two-thirds of hospitals reported that EHR security is considered through their application of  HIPAA rules as they implement contingency planning, the Office of Inspector General found. Furthermore, when it comes to EHR contingency...

Bizmatics Healthcare Data Breach Affects Another 22K Patients

by Jacqueline Belliveau

North Ottowa Medical Group has identified a hacking incident at Bizmatics, an EHR vendor, as the source of a potential healthcare data breach, according to a press release. The Michigan-based medical group was notified by Bizmatics that servers...

EHR Data Potentially Exposed in Vendor Healthcare Data Breach

by Jacqueline Belliveau

Another medical center has reported a potential healthcare data breach stemming from a hacking incident affecting EHR vendor Bizmatics, according to a HIPAA notification letter on the ENT and Allergy Center’s website. The Office of Civil...

Improper Employee Access Creates Potential Health Data Breach

by Jacqueline Belliveau

ProMedica, a healthcare organization in Ohio, has investigated a potential healthcare data breach after discovering several employees had inappropriately accessed the private medical records for patients they were not directly treating. According...

Hackers Cause Possible Healthcare Data Breach for 40K Patients

by Jacqueline Belliveau

A Connecticut-based podiatry group is facing a possible healthcare data breach that has impacted approximately 40,491 individuals after hackers accessed network services, according to the Office of Civil Rights data breach report. An outside...

How DDoS Attack Increase May Affect Healthcare Cybersecurity

by Jacqueline Belliveau

More organizations experienced multiple distributed denial of service (DDoS) attacks in the fourth quarter of 2015, which could spell out trouble for healthcare cybersecurity measures, especially for cloud-based services. According to Akamai’s...

How Can Hospital Ransomware Policies Improve in the Industry?

by Jacqueline Belliveau

As healthcare data security incidents become more sophisticated, covered entities and their business associates are attempting to develop security procedures that better manage hospital ransomware threats. With the help of several government...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks