Healthcare Information Security


HIMSS14 session preview: Patient privacy trends

by Nicole Freeman

Protecting patient data should be a high priority for all healthcare providers, and the government continues to create policy regarding the protection and access of protected health information (PHI). The Department of Health and Human Services...

Organizations adding cyber insurance in lieu of data breaches

by Patrick Ouellette

With data breaches come heavy costs from both a financial and public relations perspective and organizations are beginning to prepare for the financial repercussions. The Boston Globe recently reported that, based on research done by Marsh LLC,...

HIMSS14 session preview: Encrypting data at rest

by Nicole Freeman

Healthcare providers often hear about the benefits of encrypting protect health information (PHI), and the data breaches that become more serious when information is unencrypted. Encrypting data at rest is required of HIPAA-covered entities per...

WEDI publishes health data breach notification tips

by Patrick Ouellette

The Workgroup for Electronic Data Interchange (WEDI) Privacy and Security Workgroup recently published its Breach Risk Assessment Issue Brief to offer reminders to healthcare organizations regarding the breach notification decision process. According...

Measuring risk analysis benefits for healthcare organizations

by Patrick Ouellette

As frequently as risk analysis is discussed and referenced as a way in which healthcare organizations can prevent data breaches and bolster their security efforts, some organizations may have a narrow view of its benefits. Mac McMillan, CEO of...

OCR complaint filed against St. Rose Dominican Hospitals

by Patrick Ouellette

Because it allegedly compromised patient records as part of gaining leverage in a contract dispute, Dignity Health, which owns St. Rose Dominican Hospitals, is in the process of dealing with a complaint filed with the Office for Civil Rights...

HIMSS14 session preview: Privacy and compliance practices

by Nicole Freeman

Healthcare organizations are consistently reminded of their need to protect patient privacy and data, and HIPAA compliance is a requirement for all providers and their business associates (BAs). For healthcare systems, however, there is also...

HIMSS14 session preview: Coordinating ACO privacy & security

by Nicole Freeman

Accountable care organizations (ACOs) are being formed in different sizes across the country in an effort to improve patient access to care, the quality of care received, increase affordability, and, in some cases, switch to a value-based reimbursement...

HIMSS14 session preview: Meaningful use risk assessments

by Nicole Freeman

As healthcare data breaches continue to occur, providers are often reminded that staff training and encryption are key to securing patients’ protected health information (PHI). These are not the only processes necessary to safeguard information,...

Post healthcare data breach Dos and Don’ts

by Deena Coffman

No healthcare provider or other HIPAA covered entity expects to experience a data breach. But, if your organization does encounter an exposure, how you handle it could counterbalance the negative impact of the breach and preserve your reputation....

What will Google cloud BAA support mean for health developers?

by Patrick Ouellette

Google recently announced that Google cloud services will now include support for HIPAA covered entities. For some organizations that are wary of using cloud applications, this was a ho-hum announcement. But for those who are working toward building...

HIMSS14 session: Creating a breach incident response team

by Nicole Freeman

HIMSS14, which will be held February 23-27 in Orlando, Fla., will feature an educational session titled “Breach Incident Response: Creating Value Through an Integrated Investigative Team” on Monday, February 24 from 1-2 p.m. This session...

Easter Seals notifies 3,026 clients of health data breach

by Patrick Ouellette

The Easter Seal Society of Superior California sent health data breach notification letters to 3,026 Easter Seals clients and potential clients on Friday after an employee’s work-issued laptop was stolen. According to the release, the laptop...

Patient VDT portal authentication: Privacy considerations

by Patrick Ouellette

The Privacy and Security Tiger Team continued its discussion of access to View/Download/Transmit portals by friends, family members and personal representatives during its meeting on Monday, February 10. But before the Tiger Team was able to...

Vendors to showcase secure solutions at HIMSS14

by Nicole Freeman

As HIMSS14 in Orlando gets closer, vendors are announcing their participation and product showcases. Patient data security continues to be a focal point in the healthcare industry, and companies are eager to share their HIPAA-compliant offerings....

Google extends HIPAA BAA support to cloud app developers

by Patrick Ouellette

Google will continue to warm up to HIPAA covered entities and business associates (BAs) in 2014, as Matthew O’Connor, Google Product Manager, recently wrote that Google cloud services will now include support for HIPAA covered entities. Google...

University of Miami Health System loses patient records

by Nicole Freeman

The University of Miami Health System (UHealth) has lost patient records containing protected health information (PHI), according to a report by Miami New Times. The Health System, which is one of Southern Florida’s largest health providers,...

HIPAA requires providers using Skype to have BAAs

by Nicole Freeman

As expanding technology gives doctors new ways to contact patients and share their information HIPAA compliance questions continually pop up. Do the products being used protect patient data? Are additional safeguards required to comply with HIPAA?...

Healthcare attorney highlights HIPAA Omnibus changes

by Patrick Ouellette‘s recent webcast, “HIPAA Omnibus Rule compliance tips and best practices“, provided a variety of takeaways from presenter and Dunkiel Saunders healthcare attorney Eileen Elliott. One of the biggest developments...

CDT reviews telehealth privacy, security gaps and needs

by Patrick Ouellette

A recent report, titled “For Telehealth To Succeed, Privacy And Security Risks Must Be Identified And Addressed“, takes a long look at patient privacy and security questions surrounding telehealth, as well as the need for more substantial...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks